New Malware Propagation Technique Uses IM Protocols of Social Networks

According to security firm 'Fortinet,' while malicious web-links spreading via Instant Messaging (IM) protocols are nothing new for computer users, recently launched attacks take advantage of the reputation associated with social-networking websites such as Facebook and MySpace.

Derek Manky, security researcher at Fortinet, analyzed one such assault to learn more about its implications, as reported by Softpedia on September 14, 2009.

The attack message, which pretends to recognize the recipient, provides a web-link such as http://facebook-photo[removed]/viewimage.php?[contactname]; bogus MySpace URLs are also being embedded to entice end-users.

After analyzing further, Manky says that the malevolent web-link carries the contact name of the recipient at its end, which undoubtedly increases the lure's effect.

If the user clicks on the link, the facebook-photo domain, which appears to have been registered only recently, diverts him to another domain containing the PHP script. Manky further says that this PHP script has already been hijacked by malicious users. The script simply downloads an executable file that Manky detected as containing 'jpg.exe' in its suffix.

The researcher further notes that all of these redirections together act as a virus installer that creates an msmsgrs.exe file in the Windows directory as a disguise for the actual MSN Messenger.

Subsequently, it sets up an IRC (Internet Relay Chat) connection and joins a channel to act as a drone, i.e. a botnet client, awaiting orders. The virus installer also attempts to conceal its traffic by using TCP port 1863, a port usually associated with MSN Messenger interactions, for the IRC connection.

It also opens the MySpace home page in the browser, even though a Facebook page should have appeared in this instance. The objective is to divert the user's attention to the need to validate personal credentials so that he can apparently see the picture he tried to access.

Hence, security experts advise users to be very careful about which web-links they follow, whether they arrive via e-mail, IM or any social network. Users should also install up-to-date anti-malware, anti-virus and similar security software on their computers so that malware may be averted.
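The concealment described above, IRC spoken over the MSN Messenger port, can be caught by checking what protocol a flow to TCP 1863 actually carries. The following is an added example, not code from the article or from Fortinet; the command lists are partial, and the addresses, nicknames and channel names in the sample flows are constructed.

```python
import re

MSN_PORT = 1863  # TCP port the article says the bot borrows from MSN Messenger

# Subset of IRC client commands (RFC 1459) seen when a client registers and joins.
IRC_COMMANDS = {b"PASS", b"NICK", b"USER", b"JOIN", b"PRIVMSG", b"PING", b"PONG", b"MODE"}
# Subset of MSNP (MSN Messenger protocol) commands expected on this port.
MSNP_LINE = re.compile(rb"^(VER|CVR|USR|XFR|CHG|SYN|PNG|QNG|MSG|ANS|CAL|OUT)\b")


def classify_payload(payload: bytes) -> str:
    """Label a reassembled client-to-server payload as 'irc', 'msnp' or 'unknown'."""
    irc = msnp = 0
    for line in payload.split(b"\r\n"):
        if MSNP_LINE.match(line):
            msnp += 1
            continue
        words = line.split()
        if words and words[0].startswith(b":"):  # optional IRC source prefix
            words = words[1:]
        if words and words[0].upper() in IRC_COMMANDS:
            irc += 1
    if irc > msnp:
        return "irc"
    return "msnp" if msnp else "unknown"


def irc_on_msn_port(flows):
    """Return flows to port 1863 whose content is IRC rather than MSNP."""
    return [f for f in flows
            if f["dst_port"] == MSN_PORT and classify_payload(f["payload"]) == "irc"]


# Constructed sample flows (addresses, nicknames and channels are made up).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst_port": 1863,
     "payload": b"VER 1 MSNP8 CVR0\r\nUSR 3 TWN I user@example.com\r\n"},
    {"src": "10.0.0.9", "dst_port": 1863,
     "payload": b"NICK drone-0417\r\nUSER x 0 * :x\r\nJOIN #constructed-channel\r\n"},
    {"src": "10.0.0.7", "dst_port": 6667,
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #chat\r\n"},
]

if __name__ == "__main__":
    for flow in irc_on_msn_port(SAMPLE_FLOWS):
        print(f"{flow['src']} -> tcp/{flow['dst_port']}: IRC commands on the MSN Messenger port")
```

Only the second sample flow is reported: the first is genuine MSNP on port 1863, and the third is ordinary IRC on its usual port.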


» SPAMfighter News - 10/5/2009
