Kaspersky Labs reports that the first IM worm exploiting the WMF vulnerability has been spotted. They have received multiple reports from the Netherlands about an IM worm spreading via MSN Messenger using a link to "http://[snip]/xmas-2006 FUNNY.jpg".
According to Viruslist.com,
Quote:
The jpg is actually an HTML page with a (link to) malicious wmf file which is heuristically detected as Exploit.Win32.IMG-WMF by Kaspersky Anti-Virus. This wmf will download and execute a .vbs file which is detected as Trojan-Downloader.VBS.Psyme.br which will in turn download an Sdbot. The IRCBot is detected as Backdoor.Win32.SdBot.gen by KAV.
At the time of writing this SdBot is instructed to download an IM-Worm.Win32.Kelvir variant. As you will know, Kelvir is responsible for spreading across MSN. Looking at this IRCBot it's extremely likely it has been made for cyber criminals.
The lesson for everyone is clear: be wary of any holiday messages or links sent via MSN, even if they come from a friend. And of course, always run anti-virus software with up-to-date virus definitions.
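
The lure described above works because the ".jpg" name says nothing about the content. As an added example (not from Kaspersky or Viruslist), the Python sketch below shows how a mail or proxy filter could compare a file's extension with its leading bytes and flag an HTML page posing as a JPEG that references a .wmf file. The function names and the sample bytes are constructed for illustration.

```python
import os
import re

# Leading-byte signatures: the file name is attacker-chosen, so sniff the content.
JPEG_MAGIC = b"\xff\xd8\xff"
WMF_PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7 stored little-endian
HTML_STARTS = (b"<!doctype html", b"<html", b"<head", b"<body", b"<script", b"<iframe")
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".wmf": "wmf", ".htm": "html", ".html": "html"}
# src/href attribute values that end in .wmf (an optional query string is allowed)
WMF_REF = re.compile(rb"""(?:src|href)\s*=\s*["']?([^"'\s>]+\.wmf\b(?:\?[^"'\s>]*)?)""", re.I)


def sniff(data: bytes) -> str:
    """Classify content from its first bytes: jpeg, wmf, html or unknown."""
    head = data[:512]
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    if head.startswith(WMF_PLACEABLE_KEY):
        return "wmf"
    # Standard metafile header: type 1 or 2, header size 9 words, version 0x0100 or 0x0300.
    if (len(head) >= 6 and head[0:2] in (b"\x01\x00", b"\x02\x00")
            and head[2:4] == b"\x09\x00" and head[4:6] in (b"\x00\x01", b"\x00\x03")):
        return "wmf"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    if head.lstrip(b"\xef\xbb\xbf \t\r\n").lower().startswith(HTML_STARTS):
        return "html"
    return "unknown"


def check_file(filename: str, data: bytes) -> dict:
    """Compare the type implied by the extension with the sniffed type."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename)[1].lower(), "unknown")
    actual = sniff(data)
    refs = [m.decode("latin-1") for m in WMF_REF.findall(data)] if actual == "html" else []
    return {"claimed": claimed, "actual": actual,
            "mismatch": claimed != "unknown" and claimed != actual,
            "wmf_refs": refs}


# Constructed samples (harmless placeholders, not captured traffic).
FAKE_JPG = b'<html><body><img src="card.wmf"></body></html>'
REAL_JPG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(check_file("xmas-2006 FUNNY.jpg", FAKE_JPG))
    print(check_file("holiday.jpg", REAL_JPG))
```

A mismatch result is a reason to block or quarantine the file; a match does not show the file is safe, so this check complements signature scanning and does not replace it.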