Tuesday, December 11, 2007

Trojan spreading through Windows Live Messenger

A trojan is spreading through Microsoft's IM client Windows Live Messenger. I first noticed it when a friend prompted me to accept a .zip file. My Messenger points to non-existent software for scanning files during file transfer (something I have to correct), so the virus scan failed during transfer. When I extracted the zip file (without scanning it with my antivirus software; I should have scanned it), I saw only an .exe file inside. I then scanned the .zip file using my antivirus software but discovered no viruses. I then deleted the extracted folder and the .zip file without wanting to find out what the .exe file was about.

I then phoned my friend who said it was a trojan and it had infected his computer. He said he was able to clean it using Kaspersky Antivirus.

I found two articles which mention similar trojans, one on eWEEK and the other on Computerworld. However, I believe that the one I received was another variant of it. I am hoping to get the log files of my friend's antivirus software to identify what name Kaspersky has given to this trojan.

Later, another contact on Messenger prompted me to accept the file and I was able to get a screenshot.

Before the prompt for the file there is a message, supposedly from my contact, which says "do i look dumb in this picture? I want to put it on myspace." The .zip file's name is img_135-JPEG.zip. You would think it is a photo and would usually accept it. This time I declined to accept the file.

My contact was signing in to Messenger, prompting me to accept the file and then signing out. This process kept repeating, so I guess his password had already been compromised.

Trojans and worms targeting IM clients have been around for a long time. Although this particular one has been around since November, there is little information available on the Internet about it, and it is not one of the most active threats at the moment. However, considering the number of Windows Live Messenger users we have in the Maldives, it is important to pay attention to this. Also, some antivirus software does not detect the trojan (as I discovered when I scanned the .zip file). The best option is never to accept suspicious files. I am providing a screenshot here so that you will know not to accept a similar file. But there could be many variants out there. It is also important to scan for viruses during file transfer. You can set it in Tools > Options > File Transfer in Windows Live Messenger.
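
Since an antivirus scan of the .zip came back clean, a name-based check is a useful second look. The following Python is an added example, not part of the original post: it reads a received archive's member list without extracting anything and flags the pattern described above, an archive named like a picture whose contents are executable. The function names, the extension lists and the member name in the sample are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
IMAGE_HINTS = ("jpg", "jpeg", "png", "gif", "bmp", "img")


def triage_archive(archive_name, data):
    """List a zip's members without extracting and flag the lure pattern."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [i.filename for i in zf.infolist() if not i.is_dir()]

    executables = [
        m for m in members
        if PurePosixPath(m.lower()).suffix in EXECUTABLE_EXTS
    ]
    reasons = []
    if executables:
        reasons.append("archive contains executable file(s)")
        if len(executables) == len(members):
            reasons.append("archive contains nothing except executables")
        stem = PurePosixPath(archive_name.lower()).stem
        if any(hint in stem for hint in IMAGE_HINTS):
            reasons.append("archive is named like a picture")
    return {
        "members": members,
        "executables": executables,
        "reasons": reasons,
        "suspicious": bool(executables),
    }


def constructed_zip(files):
    """Build an in-memory zip from {name: bytes}; sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: the archive name is from the post; the member
    # name and bytes are placeholders (the post does not give them).
    sample = constructed_zip({"sample.exe": b"MZ placeholder"})
    report = triage_archive("img_135-JPEG.zip", sample)
    print(report["suspicious"], report["reasons"])
```

The check reads names only, so it says nothing about a renamed or disguised file; it complements scanning during file transfer rather than replacing it.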