AV-killing worm spreads via Facebook chat and IM clients
Posted on 30.08.2012
A rather industrious piece of malware that - among other things - paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook:


The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

The worm is capable to do many unwelcome things on the victims's computer:
  • It can bypass any existing firewall by marking itself as an allowed program
  • It drops copies of itself into a number of folders and hides them
  • It creates a run entry that will make it start every time a machine reboots
  • It searches the computer for AV solutions, Windows and Yahoo Update modules, then tries to disable them
  • It changes IE's start page and modifies Firefox' and Chrome's preference file
  • It receives commands from a remote attacker, which instructs it to enumerate instant messenger windows in the victimís machine and post the message that promises an interesting video in order to spread itself further, or posts the same message in a Facebook chat after having sent a chat request on Facebookís chat window.
But, as McAfee researchers point out, the worm is easy to remove.

"We kill the running instances of this process using Process Explorer or Task Manager," they shared. "The start-up entry made by the malware must be cleared as well to avoid its reloading after rebooting."

Users can protect themselves from this and other threats by not following links posted by unknown online "friends" or known contacts without checking whether they meant to do so or were the unsuspecting victims of this or similar malware.






Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //