New Trojan targeting the instant messenger client

Nov 21, 2007 09:44 GMT  ·  By

MSN Messenger, that popular instant messaging application, is again putting the users at risk due to a dangerous Trojan horse which attempts to deploy additional malware on an infected system. According to eWeek, the Trojan aims to create a huge bot network using the infected computers and use them for more malicious activities. It seems like the threat scans the web for VNC servers, a very popular remote desktop control application currently used by thousands of consumers. For instance, VNC for Windows has no less than 110,610 downloads on Softpedia with a 4.3 out of 5 points of rating. The Trojan horse is hidden under a digital photo format, asking the users to click on it to view an image.

"The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable-a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable-for example, IMG34814.pif," eWeek wrote.

MSN Messenger was affected by similar threats in the past and certainly, this is not the last time to see a Trojan horse or other type of threat distributed via the instant messaging client. Since the popularity of the application is continuously increased, more and more attackers are turning to it in order to discover new victims and propagate the infection.

A few weeks ago, another Trojan affecting MSN Messenger was discovered as it attempted to steal users' credentials by luring them on a phishing website. After the login details were stolen, the attackers could login into the accounts and find new victims by sending the malicious link to the affected users' contacts.