New Trojan Uses IM Program to Spread Infection Rapidly
A new Trojan began spreading via MSN Messenger on November 18, 2007, with the aim of building a botnet. A greater concern, according to security vendor eSafe, is that the malware also attempts to hunt for virtual computers so that it can increase the number of connections to the botnet.
The malware increased the number of bot-infected PCs in its network from 500 at noon EST on November 18, 2007 to over 12,000 by 2 pm EST on November 19, 2007, said Ofer Elzam, Director of Product Management at Aladdin Knowledge Systems. SCMagazine published Elzam's statement on November 19, 2007.
The vector for spreading the infection, the Instant Messaging (IM) program, is not new. But this Trojan is thought to be the first such malware that scans computers for Virtual Network Computing (VNC) pieces, possibly to multiply connections to its botnet. The Trojan takes the form of a ZIP file that condenses photos of members in a buddy list. The file is named "pics", and it is actually an executable file with a double extension using the format filenamejpg.exe. The executable file may also be labeled 'images', which is in fact a '.pif' executable.
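For defenders, the disguise described above can be checked for before a received archive is opened. The following is an added example, not code from eSafe or from the article: the function names are hypothetical, the sample archive is constructed with harmless placeholder bytes, and the extension and image-type lists beyond `.exe` and `.pif` are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; the article names .exe and .pif, the rest are assumed.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Image type names a lure may embed in the filename stem (assumed list).
IMAGE_TOKENS = ("jpg", "jpeg", "gif", "png", "bmp")
# Lure base names reported in the article.
LURE_NAMES = ("pics", "images")

def classify_member(name):
    """Return the reasons a ZIP member name looks like a disguised executable."""
    path = PurePosixPath(name.replace("\\", "/"))
    ext = path.suffix.lower()
    if ext not in EXECUTABLE_EXTS:
        return []
    stem = path.stem.lower().rstrip(". ")
    reasons = ["executable extension " + ext]
    if any(stem.endswith(tok) for tok in IMAGE_TOKENS):
        reasons.append("image type embedded before executable extension")
    if any(stem.startswith(lure) for lure in LURE_NAMES):
        reasons.append("lure name from the article")
    return reasons

def scan_zip(data):
    """Map each suspicious member of a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_member(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed sample archive; member contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/holiday.jpg", b"not a real image")
        zf.writestr("pics/photo_jpg.exe", b"placeholder")
        zf.writestr("images.pif", b"placeholder")
        zf.writestr("party.jpg.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(reasons))
```

The check looks only at member names, so it catches the naming trick but not an executable that has been given an image extension.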
The Trojan, which harvests IM names from known contacts, uses them to infiltrate the malicious files into more and more systems. However, the files also spread by using names of unknown users. Security researchers think that the attackers chose MSN Messenger to distribute the Trojan because it has a wide international reach and conveniently acts as a medium to connect to new PCs.
After the Trojan installs itself on a computer, it scans the machine for a VNC client and, through it, infects another system under remote control, even if that system is inside a firewall.
Threats that spread through IM, though still rare compared to attacks via e-mail or those that spread from malware-embedded websites, are known in many quarters. So are the loopholes within the IM application. For instance, in September, Microsoft compelled MSN Messenger users to upgrade to Windows Live Messenger 8.1 to thwart a flaw in the earlier version.
» SPAMfighter News - 03-12-2007