Russian cybercriminals rely on the fact that users may be curious to see their picture

Jun 22, 2012 08:16 GMT  ·  By

Today we’ve received a message, written in Russian, on ICQ. After analyzing it a bit, we’ve discovered that the “picture” it tries to push is actually a malicious screensaver that hides an old Trojan.

“Hi, I cannot remember where I got your ICQ. Maybe you remember me? or photos you recognize me? Here is the link as bitly.com/[redacted] will then write to me, I throw off another link,” reads a translation of the message.

The shortened link points to a Russian website called megaupload.ipbux.ru. The site is cleverly designed to look like an image hosting service.

However, the webpage is filled with shady advertising and links that don’t work, or ones that point to other suspicious-looking domains.

Once the download button is pressed, the potential victim is presented with a zip file (foto0095.zip). The archive contains a screensaver file which hides a Trojan identified by ESET as Win32/VB.qnb, a threat discovered in the summer of 2009.
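
The pretext here is a "photo" archive whose only payload is a Windows screensaver, and a .scr file is a plain executable that Windows runs on double-click. The following script is an added example, not code from the article or from ESET, showing how a mail or IM gateway might triage such an archive before a user opens it: it flags entries with directly executable extensions, double extensions, PE ("MZ") content, and image-named entries whose bytes are not an image. The archive it inspects is constructed in memory with hypothetical entry names and placeholder bytes; it is not the real foto0095.zip.

```python
import io
import zipfile

# Extensions Windows will execute directly; a "photo" archive has no business containing them.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# Magic bytes expected for common image extensions.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def build_sample_archive() -> bytes:
    """Constructed sample archive (hypothetical names, placeholder bytes, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Double extension plus a PE header stub: what a disguised screensaver looks like.
        zf.writestr("foto0095.jpg.scr", b"MZ" + b"\x00" * 62)
        # An image name with non-image content, another common disguise.
        zf.writestr("foto0096.jpg", b"MZ" + b"\x00" * 62)
        # A genuine-looking JPEG header: should produce no finding.
        zf.writestr("foto0097.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()


def inspect_archive(data: bytes) -> list:
    """Return [(entry_name, [reasons...])] for every suspicious entry in the zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header is needed for the magic checks
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if lower.count(".") >= 2:
                reasons.append("double extension")
            if head.startswith(b"MZ"):
                reasons.append("PE header (MZ) in content")
            if ext in IMAGE_MAGIC and not any(head.startswith(m) for m in IMAGE_MAGIC[ext]):
                reasons.append("image extension but content is not an image")
            if reasons:
                findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in inspect_archive(build_sample_archive()):
        print(f"{entry}: {', '.join(why)}")
```

Extension and magic-byte checks are cheap and catch the disguise described in the article; they are a pre-filter in front of an antivirus scan, not a replacement for one, since a real scanner also matches the payload itself (here the signature ESET calls Win32/VB.qnb).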

The interesting thing is that the account on which the message has been received is new and, in theory, it shouldn’t show up anywhere on the web. This most likely means that the cybercriminals are trying out random ICQ numbers in an attempt to spread their malware.

It’s not uncommon for spammers to spread malicious files via instant messaging applications, but we want to take this opportunity to remind users that cyber threats lurk at every corner.

Be sure never to accept friend invitations or contact requests from users you don’t know. If you’ve already accepted them, refrain from clicking on the shady links they send out and report them as spammers.

Also, install antivirus software and always keep it up to date. Even though there are some pieces of malware that aren’t detected right away, a decent solution will catch most threats before they can cause any damage.