Friday, July 24, 2009

virus iTunes

Trend Micro has detected a new IM-based worm, WORM_OPANKI.Y, which uses the file name ITUNES.EXE for its routines. The worm spreads via AOL Instant Messenger, one of the top three IM applications in the world, and exploits the popularity of the iTunes application for music downloads.

OPANKI.Y sends the message “this picture never gets old” to all online contacts of the affected user. The message it sends contains a link to a downloadable file which contains a JPG extension to appear credible. However, the downloaded file is instead saved as ITUNES.EXE in the user’s system.
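The mismatch described above (a link that advertises a JPG but delivers a Windows executable) can be checked at a download gateway by comparing the link's extension with the payload's header. The following is an added example, not code from Trend Micro or the original post; the function names, the URLs, and the sample bytes are all constructed for illustration.

```python
import struct
from pathlib import PurePosixPath
from urllib.parse import urlparse

IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def link_looks_like_image(url: str) -> bool:
    """True if the URL path or any query value ends in an image extension."""
    parsed = urlparse(url)
    parts = [parsed.path] + [kv.split("=")[-1] for kv in parsed.query.split("&")]
    return any(PurePosixPath(p).suffix.lower() in IMAGE_EXTS for p in parts)

def classify(url: str, body: bytes) -> str:
    """Compare what the link advertises with what the payload really is."""
    if not link_looks_like_image(url):
        return "not-an-image-link"
    if is_pe(body):
        return "executable-behind-image-link"
    if body[:3] == b"\xff\xd8\xff":  # JPEG start-of-image marker
        return "jpeg"
    return "unknown-content"

# Constructed samples: a minimal PE header stub and a JPEG header, not real files.
SAMPLE_PE = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 16
SAMPLES = [
    ("http://example.test/pics/holiday.jpg", SAMPLE_PE),
    ("http://example.test/get?pic=photo.JPG", SAMPLE_PE),
    ("http://example.test/pics/holiday.jpg", SAMPLE_JPEG),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(f"{classify(url, body):30} {url}")
```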

The Impact

In addition to backdoor capabilities, OPANKI.Y drops the following four known adware/greyware applications:

ADW_DYFUCA.EI: This adware creates a folder, “Internet Optimizer”, and drops another spyware application, which displays pop-up advertisements on the affected system.

ADW_MEDTICKS.A: This is a popular adware program “Media Tickets” (www.mediatickets.net). It has the ability to track what the user clicks on – and how often they do it – and can display pop-up ads. This adware also promises to pay 15 cents (USD) for every time a user clicks on the adware. This adware was also dropped in a number of variants of the popular MYTOB family of worms over the past few months. Please refer to the Trend Micro Virus Encyclopedia for more information (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.BI).

ADW_SOLU180.H: This adware is a well-known greyware application, “180 Search Assistant”. This application monitors an affected user’s Internet Explorer activities and transmits logs of every site visited, to profile Web users and trigger pop-up ads that target the user’s surfing habits.

ADW_SOLU180.K: This adware is commonly packaged with other adware programs, as seems to be the case here.

Threats that spread via IM applications are not new; the earliest known worm to do so was WORM_MENGER.A, which dates back to May 2001. Most of these IM-based threats use one of the big three IM vendors – AIM, MSN Messenger, and Yahoo! Messenger – primarily due to their widespread adoption. And with IM usage on the rise, it has become a popular medium for virus authors, containing millions of potential victims, most of whom are unaware of virus and malware threats.

Jaime Lyndon “Jamz” A. Yaneza, Senior AV Research Engineer with antivirus and content security firm Trend Micro, believes that social engineering techniques like this can be particularly effective. “With the popularity of the iPod and iTunes, it’s relatively easy for a user to mistake the file name ITUNES.EXE for the legitimate application,” says Yaneza. “Effective social engineering relies on grabbing people’s attention. Appealing to people’s interests is a time-proven technique.”

To safeguard against this threat, security experts advise users to double-check AIM messages they receive – even when messages appear to be from a friend or other known source.

For more information on WORM_OPANKI.Y, and for instructions on how to remove the worm in case of infection, please refer to the Trend Micro Virus Encyclopedia (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.Y).


source: net4now.com
