People who use the popular instant messaging services of Yahoo and Skype should keep their eyes peeled for a couple of new viruses that are making the rounds lately. Just because you are good friends with one of your contacts does not mean you should trust every link sent from them, because some might be malicious. Worst of all, they might not even know that they are sending them to others.
The first virus released was specifically aimed at users of Yahoo Instant Messenger. The actual name of the virus, as identified by Symantec, is W32.Yimfoca. The virus copies itself to the %WinDir%\infocard.exe file and then adds itself to your Windows Firewall list. Once that is completed, the virus also modifies your registry keys. Taking things one step further, the virus also disables any future Windows updates, giving it a better chance of remaining on the computer.
W32.Yimfoca spreads to computers through instant messages sent to contacts from the infected person's computer. Targets will receive messages from a contact that will include a message about a photo along with a smiling emoticon. Next to that is a link used to entice the target to click it to view a photo. Popular social networking sites like Facebook or MySpace are also used in the scheme to make the target believe that it is all legitimate.
If the user clicks on the link in the IM window, a popup to save the binary file will appear. If saved and then run, that computer will become infected by the virus, and it will now use that person's messenger to send the same type of message to all of their contacts. This is if the person is using a Windows computer. If they use a Mac and download the file, the virus will not be able to go any further.
The virus can now use the infected Windows computer as an avenue to spread even further to other computers via IM, and possibly inflict further damage. According to BitDefender, W32.Yimfoca is similar to other aggressive viruses that are used by hackers to access user passwords and the like.
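To check a Windows computer for the W32.Yimfoca traces described above (the copied file, the firewall entry and the blocked updates), here is a read-only PowerShell triage script. It is an added example, not code from Symantec or from the original article; the function name `Test-YimfocaTraces` is hypothetical, and the check of the Windows Update service is an assumption, since the article does not say how updates are disabled.

```powershell
# Added example: read-only triage for the W32.Yimfoca traces the article lists.
# Assumes Windows PowerShell 5.1+ on Windows 8 / Server 2012 or later.

function Test-YimfocaTraces {
    [CmdletBinding()]
    param(
        # Drop location named in the article.
        [string]$Path = (Join-Path $env:WinDir 'infocard.exe')
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Copy of the worm in the Windows directory (-Force also finds hidden files).
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $created = $file.CreationTimeUtc.ToString('u')
        $findings.Add("File present: $($file.FullName) SHA256=$sha256 created=$created")
    }

    # 2. Firewall rules whose program filter points at that path.
    #    Rule paths may contain variables such as %SystemRoot%, so expand first.
    $filters = Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue |
        Where-Object { [Environment]::ExpandEnvironmentVariables([string]$_.Program) -ieq $Path }
    foreach ($filter in $filters) {
        $rule = $filter | Get-NetFirewallRule
        $findings.Add("Firewall rule for the file: '$($rule.DisplayName)' action=$($rule.Action) enabled=$($rule.Enabled)")
    }

    # 3. Assumption: the update blocking shows up as a disabled Windows Update
    #    service (wuauserv). The article does not say which mechanism is used.
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if ($wu -and $wu.StartType -eq 'Disabled') {
        $findings.Add('Windows Update service (wuauserv) start type is Disabled')
    }

    if ($findings.Count -eq 0) { $findings.Add('None of the three traces found') }
    $findings
}

Test-YimfocaTraces
```

Run it from an elevated prompt so the firewall query can read the local policy; any finding is a reason to run a full antivirus scan of the machine.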
The W32.Yimfoca worm is not the only one circulating via instant messaging programs, though. Security firm Bkis has identified a newer relative of the worm, called W32.Skyhoo.Worm, that is more advanced and is now also targeting users of Skype's instant messaging program.
W32.Skyhoo.Worm uses an infiltration strategy similar to W32.Yimfoca's, and is initiated via an instant message. Skype or Yahoo users will get an instant message from one of their contacts, with the contact talking about their hair style or complaining about their printer and threatening to throw it out of the window. Accompanying the IM is a link to a photo that they urge the target to download. If the target clicks on the photo's link, they will be guided to a page of a file sharing program, similar to RapidShare, that includes a link for a ZIP file download. If the target downloads and saves the ZIP file, and then extracts it, they will get a .exe file that installs the virus on the computer.
Once the computer is infected, W32.Skyhoo.Worm can use it to perform several damaging functions. It can spread by copying itself onto USB drives, disable antivirus programs, and even connect to IRC servers that allow hackers to send remote commands. All of this is in addition to the worm using the infected computer to send out harmful instant messaging links to all of the person's Yahoo or Skype contacts.
Although these two viruses have been identified and have Yahoo and antivirus programs working to stop them, there are a couple of things you can do to protect yourself. First, do not open any suspicious links sent from friends via instant message. Message them back and ask them if it is legitimate. Second, make sure all of your antivirus software is up to date, and that you are running a solid antivirus program on your computer.
For more on these viruses, visit: http://news.cnet.com/8301-27080_3-20004368-245.html and http://news.cnet.com/8301-27080_3-20004456-245.html
More By wubayou