AV-killing worm spreads via Facebook chat and IM clients
Posted on 30.08.2012
A rather industrious piece of malware that - among other things - paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook:


The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

The worm is capable to do many unwelcome things on the victims's computer:
  • It can bypass any existing firewall by marking itself as an allowed program
  • It drops copies of itself into a number of folders and hides them
  • It creates a run entry that will make it start every time a machine reboots
  • It searches the computer for AV solutions, Windows and Yahoo Update modules, then tries to disable them
  • It changes IE's start page and modifies Firefox' and Chrome's preference file
  • It receives commands from a remote attacker, which instructs it to enumerate instant messenger windows in the victim’s machine and post the message that promises an interesting video in order to spread itself further, or posts the same message in a Facebook chat after having sent a chat request on Facebook’s chat window.
But, as McAfee researchers point out, the worm is easy to remove.

"We kill the running instances of this process using Process Explorer or Task Manager," they shared. "The start-up entry made by the malware must be cleared as well to avoid its reloading after rebooting."

Users can protect themselves from this and other threats by not following links posted by unknown online "friends" or known contacts without checking whether they meant to do so or were the unsuspecting victims of this or similar malware.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //