The malware can cause a lot of damage if an antivirus isn’t present

Aug 30, 2012 20:01 GMT

Security experts have identified a piece of malware that’s able to easily infect the computers of users who rely on popular messaging applications to keep in touch with their friends, family and business associates.

The malicious element is able to spread via Skype, ICQ, GTalk, Yahoo! Messenger, MSN Messenger, Pidgin and even Facebook’s web chat.

According to McAfee Research Scientist Niranjan Jayanand, the malware comes as a file called Picturexx.JPG_www.facebook.com.

The cybercriminals send out links allegedly pointing to an interesting video, but when victims click them, they’re served the worm. The worst thing is that victims are led to believe that their friends/contacts are the ones sending the links.

Once it finds itself on a computer, the threat bypasses the firewall by using the “netsh firewall allowed program” command line. It can also achieve the same goal by modifying the registry, adding itself to the list of allowed applications.
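A defender can look for both firewall changes described above in endpoint telemetry. The following is an added example, not code from the article or from McAfee: it assumes the command meant is the legacy `netsh firewall add allowedprogram` syntax, and the event field names, user and file paths are constructed for illustration.

```python
import re

# Legacy netsh syntax that adds a program to the firewall's allowed list.
NETSH_RE = re.compile(
    r'\bnetsh(?:\.exe)?"?\s+firewall\s+(?:add|set)\s+allowed\s*program\s+(.*)', re.I)
# First argument: positional or program=..., quoted or bare.
PROGRAM_RE = re.compile(r'(?:program\s*=\s*)?(?:"([^"]+)"|(\S+))', re.I)
# Registry list behind the same setting; each value name is a program path.
FW_LIST_RE = re.compile(
    r"\\FirewallPolicy\\[^\\]+\\AuthorizedApplications\\List$", re.I)

def allowed_program(cmdline):
    """Return the program a netsh command line allows, or None."""
    m = NETSH_RE.search(cmdline)
    p = PROGRAM_RE.match(m.group(1).strip()) if m else None
    return (p.group(1) or p.group(2)) if p else None

def find_firewall_allow_events(events):
    """Flag allowed-program additions; self_added marks a program allowing itself."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            source, program, actor = "netsh", allowed_program(ev["cmdline"]), ev["parent"]
        elif ev["type"] == "registry" and FW_LIST_RE.search(ev["key"]):
            source, program, actor = "registry", ev["value"], ev["image"]
        else:
            continue
        if program:
            findings.append({"source": source, "program": program,
                             "self_added": program.lower() == actor.lower()})
    return findings

# Constructed sample telemetry (paths, users and field names are hypothetical).
MDM = r"C:\Users\alice\AppData\Roaming\mdm.exe"
FW_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
SAMPLE_EVENTS = [
    {"type": "process", "parent": MDM,
     "cmdline": 'netsh firewall add allowedprogram "%s" "Update" ENABLE' % MDM},
    {"type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh firewall show config"},
    {"type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"netsh firewall add allowedprogram program=C:\Tools\backup.exe name=Backup mode=ENABLE"},
    {"type": "registry", "image": MDM, "key": FW_KEY, "value": MDM},
    {"type": "registry", "image": MDM, "value": "mdm",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]
```

Findings with `self_added` set are the ones to triage first, since an administrator's change normally comes from a shell or management tool rather than from the program being allowed.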

To ensure that it can’t be easily removed, the malware checks for antivirus solutions and Windows updates and disables them.

This is not the only damage it causes. It also alters the home page and configuration of web browsers such as Internet Explorer, Mozilla and Chrome. After all this is done, the attacker can start sending malicious commands.

To ensure that it continues to spread, the malware looks for open chat applications and sends the so-called video link to the victim’s contacts.

In order to spam the friends of Facebook customers, the malicious element relies on Ajax commands.

Experts say that the worm is not difficult to remove. The easiest way is to let an up-to-date antivirus program do it for you, but if you’re the hands-on type, you can remove the start-up entry the virus made and terminate the mdm.exe process from the operating system’s Task Manager.