Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely to work as most of the people on sometimes contact list are probably from the same country or at least use the same language.
The IRCBOT-RB Trojan poses as messages containing links to pictures on social networking sites such as MySpace and Facebook. Typical come-ons involve messages such as “Wanna see my pictures before i send em to facebook?”. Clicking on a link takes users to booby-trapped websites.
Unusually, the polyglot malware changes these messages according to the language of the affected operating system used. Compromised machines are infected by a simple bot agent that leaves the hardware hooked up to a central control server, awaiting instructions.
This would mean it’s much more believable than someone who speaks Portuguese to their friends sending a message in English. As usual please educate people not to blindly follow or click links and definitely don’t accept files sent by friends on MSN/Yahoo! or AIM as they are most likely auto-generated by a trojan.
Do message the person back manually and ask them if they really sent it.
Source: The Register
- ParanoiDF – PDF Analysis & Password Cracking Tool
- Windows Registry Infecting Malware Has NO Files
- FakeNet – Windows Network Simulation Tool For Malware Analysis
- New MSN Worm Hitting Users – BlackAngel.B
- Email Worm Spreading Like Wildfire – W32.Imsolk/VBMania Variant
- Super Powered Malware Sandwiches Found In The Wild – Frankenmalware
Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,323 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,470 views
- US considers banning DRM rootkits – Sony BMG - 44,930 views