14 DAY TRIAL // Correct me if I'm wrong, but I think this is the third report concerning MSN Messenger after January 1st. God, this instant messaging application is really dangerous these days, so in case you're one of its users, you should really read this. Roderick Ordo?ez of Trend Micro informed today that a new worm has been spotted on MSN Messenger attempting to spread itself by sending links redirecting to an infected website. The entire exploit is pretty simple: once a user gets infected, the worm automatically sends a certain message along with a link to an infected ZIP archive.
According to the Trend Micro official, the archive is named Photos1-2008.zip and "when opened, drops the file happy2008.exe together with the ZIP file. Trend Micro detects both files as WORM_IRCBOT.EL."
"If installed successfully, the worm tries to repeat the process: it sends a link to the malicious .ZIP file to all contacts listed in the currently logged-on user's MSN Messenger account. The worm may also allow a remote malicious user to execute commands on the affected system", Roderick Ordo?ez wrote in the blog post published today.
What I find very interesting are the messages sent by the worm. Here is the complete list of malicious messages spotted on MSN Messenger:
- Hey, Can i put theese on facebook? - Hi, have u seen my New Year pics yet? if not, this you gotta see! - Hi, this you gotta see! - Hey, Some pics from New Year at my place :) - Hey, happy New Year, heres som pics from New Year! :)
This time, you're advised to avoid visiting suspicious links delivered on MSN Messenger and don't forget to update your antivirus with the latest virus definitions. In addition, you can try the solution offered by the Trend Micro official: "simply ask a follow-up question to the sender, like: 'hey, is this file safe?' Chances are, it won't answer if it's malware doing the sending."