AV-killing worm spreads via Facebook chat and IM clients
Posted on 30.08.2012
A rather industrious piece of malware that - among other things - paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.


The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

The worm is capable of doing many unwelcome things on the victim's computer:
  • It can bypass any existing firewall by marking itself as an allowed program
  • It drops copies of itself into a number of folders and hides them
  • It creates a run entry that will make it start every time a machine reboots
  • It searches the computer for AV solutions, Windows and Yahoo Update modules, then tries to disable them
  • It changes IE's start page and modifies Firefox' and Chrome's preference file
  • It receives commands from a remote attacker, which instruct it to enumerate instant messenger windows on the victim's machine and post the message that promises an interesting video in order to spread itself further, or to post the same message in a Facebook chat after having sent a chat request in Facebook's chat window.
But, as McAfee researchers point out, the worm is easy to remove.

"We kill the running instances of this process using Process Explorer or Task Manager," they shared. "The start-up entry made by the malware must be cleared as well to avoid its reloading after rebooting."

Users can protect themselves from this and other threats by not following links posted by unknown online "friends" or known contacts without checking whether they meant to do so or were the unsuspecting victims of this or similar malware.
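
Three of the traits listed above (a run entry, hidden copies, a firewall allow-list entry) can be checked together when triaging a machine. The PowerShell below is an added example, not McAfee's removal procedure or code from the original article; it assumes Windows 8 / Server 2012 or later (for `Get-NetFirewallRule`), and the heuristics and output field names are illustrative choices.

```powershell
# Added example: audit Run-key startup entries for the traits the article lists.
# Heuristics and field names are assumptions, not taken from the McAfee write-up.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Collect programs that have an enabled inbound "allow" rule in Windows Firewall.
$allowed = @{}
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -and $_.Program -ne 'Any' } |
    ForEach-Object {
        $p = [Environment]::ExpandEnvironmentVariables($_.Program).ToLower()
        $allowed[$p] = $true
    }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }
        # Pull the executable path out of the command line (quoted form first).
        if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $path = $Matches[1] }
        else { $path = ($command.Trim() -split '\s+')[0] }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        # -Force is required, otherwise hidden files are not returned.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $sig = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status }
               else { 'FileMissing' }
        [pscustomobject]@{
            Key             = $key
            Name            = $name
            Path            = $path
            Hidden          = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
            UserWritable    = (($path -like "$env:USERPROFILE\*") -or ($path -like "$env:ProgramData\*"))
            FirewallAllowed = $allowed.ContainsKey($path.ToLower())
            Signature       = $sig
        }
    }
}

# Report entries showing any trait; hidden + firewall-allowed + unsigned is the strongest signal.
$findings |
    Where-Object { $_.Hidden -or $_.FirewallAllowed -or ($_.UserWritable -and $_.Signature -ne 'Valid') } |
    Format-Table -AutoSize
```

The script only reports; any flagged entry still needs to be reviewed before the process is killed and the start-up value removed.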






Copyright 1998-2014 by Help Net Security.