Categories: SecurityWorkspace

Yahoo And Skype Hit By Wave Of New Worms

Security researchers have reported a new wave of attacks targeting users of Yahoo Messenger and Skype.

BKIS (Bach Khoa Internetwork Security) researchers May 7 said the attack comes via messages such as, “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The messages contain malicious links.

“The users are more easily tricked into clicking the link by these messages, because users tend to think that ‘their friend(s)’ are asking for [advice],” said the BKIS blog post. “Moreover, the URL shows a .jpg file to users, reinforcing the users’ thought of an image file.”

Social Engineering

BKIS’ discovery follows the appearance of another worm targeting Yahoo Messenger that was reported earlier this week.

“The page at the end of the link is basic and does not employ any exploits in order to install the worm, it relies solely social engineering to trick victims into believing they are opening a picture from a friend, while in fact they run the worm,” explained Symantec researcher Mircea Ciubotariu on 2 May.

Once executed, “the worm copies itself to %WinDir%\infocard.exe, then it adds itself to the Windows Firewall List, blocks the Windows Updates service and sets the following registry value so that it runs whenever the system boots: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”Firewall Administrating” = “%WinDir%\infocard.exe,” Ciubotariu wrote.

Executing Malicious Files

With that done, the worm then blasts itself out to everyone on the victim’s Yahoo Messenger contact list, and may also download and execute other malicious files.

According to BKIS, the other worm has “more complicated functions.” Among other things, it “automatically sends messages with different contents containing malicious URLs to user names in [the] Skype [or] Yahoo Messenger friend list of the user” and “uses rootkit technique to hide its files and processes.” The malware also “blocks operations of antivirus software” and “copies itself along with file Autorun.inf into USB drives to spread.”

“Once again, we would recommend [that] IM users … be careful before clicking any links received, even from your friends or relatives,” BKIS said. Also, “Users should regularly update their antivirus [software] on their computers.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

7 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

8 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

8 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

9 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

9 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

10 hours ago