
There are a couple of bad IM viruses spreading lately. Any of our clients who use IM (like Live Messenger, Yahoo, or Skype) would benefit from a little schooling, or even a PC checkup to be sure AV is running correctly, etc.
There is a very social aspect to the spread of the virus, as in most cases the user must click on and execute the virus.
The user will get a chat message from someone they know on their list (who is infected) with an enticing message like “Wow, this picture looks a lot like YOU! :-/” or something like that, and then a link that the user is able to click. That link serves a dual purpose. In many cases the URL includes a reference to the user’s email address as well, so the hacker can record the valid email address of the person who clicked the link (this email address is taken from the chat account login), and the user actually downloads a file. The URL leads to a deceptive file name like:
PIC0035.JPG—www.photoshare.com
Many (perhaps even MOST) users would overlook the fact that this file has a .COM extension (which is an executable program) and not a JPG extension.
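An added example, not part of the original post: a Python check that flags chat links showing the two traits described above, a file name whose real extension is executable behind a decoy such as .JPG, and the recipient's email address carried in the URL. The host names, extension lists and sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows runs directly (partial list, chosen for this example).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# Extensions a lure typically pretends to be (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def inspect_link(url):
    """Return the reasons a chat link resembles the lure described above."""
    reasons = []
    parts = urlsplit(url)
    # The file name is the last path segment, percent-decoded.
    name = unquote(parts.path.rsplit("/", 1)[-1])
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    if dot and ext in EXECUTABLE_EXTS:
        reasons.append(f"real extension .{ext} is executable")
        # Look for a decoy extension buried earlier in the name (".JPG").
        buried = re.findall(r"\.([A-Za-z0-9]{2,4})(?![A-Za-z0-9])", stem)
        hits = sorted({b.lower() for b in buried} & DECOY_EXTS)
        if hits:
            reasons.append("decoy extension in name: ." + ", .".join(hits))
        # "www.something" + ".com" makes the name read like a web address.
        if ext == "com" and re.search(r"www\.[A-Za-z0-9-]+$", stem, re.I):
            reasons.append("name ends like a web address to hide .com")
    # The clicker's address carried in the link confirms it is valid.
    if EMAIL_RE.search(unquote(parts.path + "?" + parts.query)):
        reasons.append("recipient email address embedded in URL")
    return reasons


# Constructed sample links; the first reuses the file name from the post.
SAMPLES = [
    "http://files.example/get/PIC0035.JPG%E2%80%94www.photoshare.com"
    "?id=alice@example.com",
    "http://photos.example/albums/PIC0035.JPG",
]

if __name__ == "__main__":
    for link in SAMPLES:
        found = inspect_link(link)
        print(link)
        print("  " + ("; ".join(found) if found else "no lure traits found"))
```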
These files can install rootkits, open backdoors in firewalls, install remote control software, block AV software from working and detecting them, and then “phone home” to the controlling hacker to let them know they own another computer for their nefarious use.