Tuesday, December 11, 2007

Trojan spreading through Windows Live Messenger

A trojan is spreading through Microsoft's IM client Windows Live Messenger. I first noticed it when a friend prompted me to accept a .zip file. My Messenger points to non-existent software for scanning files during file transfer (something I have to correct), so the virus scan failed during transfer. When I extracted the zip file (without scanning it with my antivirus software; I should have scanned it), I saw only an .exe file inside. I then scanned the .zip file using my antivirus software but discovered no viruses. I then deleted the extracted folder and the .zip file without wanting to find out what the .exe file was about.

I then phoned my friend who said it was a trojan and it had infected his computer. He said he was able to clean it using Kaspersky Antivirus.

I found two articles which mention similar trojans, one on eWEEK and the other on Computerworld. However, I believe that the one I received was another variant of it. I am hoping to get the log files of my friend's antivirus software to identify what name Kaspersky has given to this trojan.

Later, another contact on Messenger prompted me to accept the file and I was able to get a screenshot.

Before the prompt for the file there is a message, supposedly from my contact, which says "do i look dumb in this picture? I want to put it on myspace." The .zip file's name is img_135-JPEG.zip. You would think it is a photo and usually accept it. This time I declined to accept the file.

My contact was signing in to Messenger and prompting me to accept the file and then signing out. This process was repeating so I guess his password had already been compromised.

Trojans and worms targeting IM clients have been around for a long time. Although this particular one has been around since November, there is little information available on the Internet about it, and it is not one of the most active threats at the moment. However, considering the number of Windows Live Messenger users we have in the Maldives, it is important to pay attention to this. Some antivirus software does not detect the trojan, either (as I discovered when I scanned the .zip file). The best option is never to accept suspicious files. I am providing you a screenshot here and you will know now not to accept a similar file. But there could be many variants out there. It is also important to scan for viruses during file transfer. You can set it in Tools > Options > File Transfer in Windows Live Messenger.
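Since the antivirus scan of the .zip came back clean, a check that does not depend on signatures is to list the archive's members without extracting anything. The following is an added example, not part of the original post: the function names, the extension list and the member name `img_135.exe` are assumptions, and the sample archive is constructed in memory.

```python
import io
import re
import zipfile

# Extensions Windows will run directly (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Archive names that pose as a picture, e.g. "img_135-JPEG.zip".
IMAGE_LURE = re.compile(r"(jpe?g|png|gif|bmp|img|photo|pic)", re.IGNORECASE)


def member_ext(name):
    """Final extension, lower-cased; trailing dots/spaces stripped as Windows does."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def triage_archive(archive_name, data):
    """Read only the zip's directory listing; nothing is extracted or run."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip: treat as suspicious"]
    with zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        execs = [i.filename for i in members if member_ext(i.filename) in EXECUTABLE_EXTS]
        if execs:
            findings.append("executable member(s): " + ", ".join(execs))
        if members and len(execs) == len(members):
            findings.append("archive contains only executables")
        if execs and IMAGE_LURE.search(archive_name):
            findings.append("archive name poses as an image")
    return findings


def build_sample_zip(files):
    """Build a constructed sample archive in memory (harmless bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample_zip({"img_135.exe": b"constructed placeholder, not a real program"})
    for finding in triage_archive("img_135-JPEG.zip", lure):
        print("WARN:", finding)
```

An archive of ordinary pictures produces no findings; any finding is a reason to decline the transfer or delete the file unopened.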

5 Comments:

At 6:38 PM, Blogger @i said...

This comment has been removed by the author.

 
At 6:47 PM, Blogger @i said...

I got the msg from a few of my buddies as well.. but the msg was too odd to be coming from them so I checked the contents and realized what was happening... so I just blocked the dudes... until they were clean :P

 
At 10:53 AM, Blogger Unknown said...

A friend's Windows Live Messenger is trying to send me a trojan with the following message. He is unaware where he got it from, but this is the message:

"look at this picture from hotornot.com , I would NOT describe any of them as HOT. lol
-"
Michael sends:
n52um.zip
Accept(Alt+C) Save As...(Alt+S) Decline(Alt+D)

The filename changes every time it attempts to send. Every time I log in it tries to send it to me.


 
At 10:59 AM, Blogger Unknown said...

PS, the file was 106kb and the trojan my virus checker found was "Trojan horse SHeur.ANKZ"

 
At 4:36 AM, Blogger ciber_Assistant said...

How can I delete this virus?
What is its purpose?

 
