Smiley Message on Yahoo’s IM is Actually a Worm

According to the security experts, a smiley-faced IM (instant message) carrying an image link is presenting itself as being sent from a friend or acquaintance, but in the form of a virus/worm on Yahoo Instant Messenger, this unwanted smiley message is spreading misery across the world.

On May 3, 2010, security firms Symantec, BKIS, and BitDefender separately cautioned the users of Yahoo Messenger regarding the attack which eventually delivers a worm facilitating the attacker to completely hijack the victim's system, not to mention, circulate itself among the contact list of the victim.

According the BitDefender, this unwanted message motivates the user to click the link with a smiley face that supposedly lands him to a photo gallery or an image.

Rather than opening up the so-called collection of images, the receivers are foxed into apparently saving a .JPG file. In reality, this file is an executable disguising Worm.P2P.Palevo.DP- the malicious payload.

A vulnerable machine infected with this payload means havoc. To begin with, the worm develops numerous hidden files in Windows folder: mdt.sys, winbrd.jpg, mds.sys, infocard.exe and alters a few registry keys to indicate towards these files so as to destroy Operating System's firewall.

Palevo.DP, like its siblings, contains a backdoor component which permits remote attackers to grab control of the compromised system and execute their vicious motives, like launching malware offensives and spam campaigns on other systems, or installing additional malicious software and stealing files.

Unfortunately, this malware is growing at a rapid pace. Romania-based Catalin Coisoi, senior malware and virus researcher for BitDefender said that since his team first detected the malware in the last week of April 2010, they have witnessed an infection rate touching almost 500% per hour in their home land, as per the news published by dark READING on May 3, 2010. He added that the malware has now started spreading aggressively.

The researchers at BKIS, commenting on this, said that some worms have already attacked in this way, and so, this attack technique used this time is nothing new. However, to unwary users, the malware is always potentially perilous. The culprits have incorporated a few phishing essentials to fox the user into clicking and opening the downloaded file.

Related article: Small Organizations Too Can Be Hackers’ Target

» SPAMfighter News - 5/13/2010