Another MSN worm is spreading with the same tactics as usual: “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is that it sends the message in the language of the locale installed on the infected machine. This is pretty intelligent and much more likely to work, as most of the people on someone’s contact list are probably from the same country or at least use the same language.
The IRCBOT-RB Trojan poses as messages containing links to pictures on social networking sites such as MySpace and Facebook. Typical come-ons involve messages such as “Wanna see my pictures before i send em to facebook?”. Clicking on a link takes users to booby-trapped websites.
Unusually, the polyglot malware changes these messages according to the language of the affected operating system used. Compromised machines are infected by a simple bot agent that leaves the hardware hooked up to a central control server, awaiting instructions.
This would mean it’s much more believable than someone who speaks Portuguese to their friends sending a message in English. As usual, please educate people not to blindly follow or click links, and definitely not to accept files sent by friends on MSN/Yahoo! or AIM, as they are most likely auto-generated by a trojan.
Do message the person back manually and ask them if they really sent it.
Source: The Register
Nobody_Holme says
I just ignore files as a habit unless we were discussing it just before. Safety FTW.
goodpeople says
We already established that the bad guys are getting smarter. One more reason not to allow MSN at work…
Pantagruel says
The main reason to block/not allow any chat client (icq/msn/aim/skype/whatever) on a production network is just because these chat clients are not secure and time upon time have proven to provide vulnerabilities. At work we block all known chat clients on production machines and have set up an additional number of machines which have no access to the production network and provide chat clients.
goodpeople says
Wish it were that easy where I work. My students all bring their own laptop…
eM3rC says
I find that using a program called meebo (www.meebo.com) works the best for me. This site is basically an in browsing chat program which allows all the chatting and none of the files. If someone wants to send a file I have them email it to me (GMail AV and my own make it very very hard to get infected).
Shouldn’t MSN implement some kind of handicap for people trying to send out like 10,000 messages in a few minutes?
Pantagruel says
It would be nice if MSN indeed would implement a ‘spam limiting amount you can send’ routine. But I guess they (MS/MSN that is) are quite happy with the ‘active’ virtual social life some people have (or in the case of an MSN spammer seem to be having).
meebo is a nice one, I have used koolim.com in the past (usually when abroad).
Nobody_Holme says
Meh. If you’re competent with computers, there’s no need to move to another piece of software, because you can always just /block people.
Pantagruel says
@Nobody_Holme
Blocking an MSN user is only possible in retrospect. Usually the spammers will use and discard the used MSN/AIM/whatever chat client account. But then again, I hardly get more than 1 spam message a month trying to convince me either to get some pills for enlargement or some money scheme and they go straight to the bin.
eM3rC says
@Pantagruel
I like AIMs system where you can only send a certain # of messages within an allotted amount of time and you need recharge time before you can send large amounts of messages.
@Nobody_Holme
It’s like saying “you can always hang up on telemarketers or delete the spam”. It would be nice if it was gone.
J. Lion says
Ignoring the link or file transfer is always the best option if the person is already in your buddy list.
However, informing your buddy that he/she has an infected machine often brings a lot of grief and then despair.
eM3rC says
@J Lion
I think it’s easy to just ignore the spam or block the people sending out the spam but I think something should be done about regulating messages or increasing awareness for IM infections.
rrk says
the virus is messaging my contacts with a nickname i had used last year even when my pc is switched off!! wtf do i do?
zupakomputer says
rrk: is the modem still plugged in or active (if it’s wireless) when the PC is powered off?
Are you sure it’s the same trojan? It might be something else that’s phished your details and is messaging people from another machine – if you can see where it is installed (on your pc) then remove it & delete it… I’m not sure if this is some kind of rootkit; if it is then you might need to do a bit more than just deleting it cause it would have some means to reinstall itself.
Goodpeople: doesn’t the network block any unauthorised client additions – or if they’re going on by wireless then use MAC filters as well as any encryption keys. I wish my college had more students that could afford laptops, including me… it’d be a nicer place if it wasn’t such a chav-ridden nightmare. Not that everyone with money is ok, some are just spoiled by their parents, but I think overall it’d be better to up the class somewhat.
fever says
took some work to put this together, just wish builders would redirect attention to constructive things. don’t waste your skills on the bad, focus on the good.