Worm spreading via Yahoo Messenger, hits Skype too


on off on off......
I was faceing this prob some days back when i was talking with my old friend on yahoo...and suddenly like this foto: messages was comeing from her side..i was like wat photo u shareing lolz...but her reply was i am not doing anything i dont know how these links r comeing....i thought she doing some prank..so i ignored those links..but today wat i have founded thats its a worm which effected yahoo...yup thatz not prank :em...well may be many ppl up there have been effected by this...but not me :d ... thanks to kaspersky


A worm is spreading via Yahoo Instant Messenger Thursday that tricks people into downloading what they think is a photo from a friend but is instead malware that installs a backdoor on Windows systems and spreads to a victim's IM contacts.

The worm arrives via a message from a contact with the word "photo" or "photos" and a smiley face icon, along with a link to a Web site resembling a Facebook page, MySpace page, or some other page where photos might reside.

If the user clicks on the link on a Macintosh system, an executable file will be downloaded, but no further action will occur. On a Windows system, the executable will download and if the user runs the file, the computer will become infected and the malicious message will be distributed to all of the IM contacts.

"Once run, the worm copies itself to %WinDir%\infocard.exe, then it adds itself to the Windows Firewall List," modifies registry keys, and stops the Windows Updates service, according to Symantec.

Symantec detects the malware as W32.Yimfoca and said it affects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, and Windows 2000.

"It's very dangerous," Zulfikar Ramzan, technical director at Symantec Security Response, said in an interview. "When you get an IM from someone you know you're more likely to click on it."

The worm drops software onto infected computers that can be used to turn them into zombies on a botnet, he said. But, once that back door is on the compromised system anything really is possible, he added.

BitDefender said in a blog post that the "aggressive" worm is part of a family of worms that can intercept passwords and other sensitive data.

Security firm Bkis also has information on the worm, which has been spreading throughout the week.

Yahoo said in a blog post that it was aware of the issue and working to address it.

"We recently learned of an issue where some users have received spam messages from their contact list. Yahoo Messenger has quickly worked to resolve the situation," the post said. "As always, we recommend that any Yahoo Messenger user who receives a suspicious instant message with a link first IM their friend to ensure the message is legitimate before moving forward. Users should not download executable (.exe) files that are sent through Yahoo Messenger." Internet users should also keep their antivirus up to date, Yahoo recommended.​


on off on off......
Re: Worm spreading via Yahoo Messenger

New version of Yahoo IM worm hits Skype too


On the heels of a worm that was installing backdoors on Windows systems via Yahoo Instant Messenger comes a new worm that is even more sophisticated in its social engineering and payload, security firm Bkis said on Friday.

The malware arrives via instant message through Yahoo or Skype with any one of a number of messages, including "Does my new hair style look good? bad? perfect?" or "My printer is about to be thrown through a window if this pic won't come out right. You see anything wrong with it?" Bkis wrote in a blog post.

The message includes a link to a Web page that looks like it leads to a JPEG, or image file. When the link is clicked on, the browser displays an interface that looks like the RapidShare Web hosting site and offers up a ZIP file for download. The extracted file is actually an executable file with a .com extension.

The malware, which Bkis has detected as "W32.Skyhoo.Worm," disappears if the computer does not have Skype or Yahoo Messenger installed. It automatically sends messages with varying content and malicious links to contacts in the victim's IM list and automatically injects a malicious link in e-mail messages and Word or Excel files that the user is composing, Bkis said.

The worm also connects to an IRC server to receive remote commands, blocks antivirus software, uses a rootkit technique to hide its files and processes and automatically copies itself onto USB drives to spread, according to Bkis.