A new virus labelled a variant of the Win32/Spy.VB.LO trojan by NOD32 has been spreading via Windows Live Messenger over the past couple of weeks, one of the messages it typically sends contains the recipients e-mail address, looking something like this:
» rofl @ you, http://improfile.net/members.php?msn=example@example.com
The Web site has been shutdown to stop it from spreading. The DNS is set to loopback (127.0.0.1) and “Closed for Fraud” is in the whois information.
Kelvin has created a tool called impFix to remove the virus, so give it a try if you believe to be infected with this pest.
Last week Adrian posted about a new messenger worm that has now spread to many users. It spreads by sending a message like one of the following to online contacts:
check out these pics of us! http://p1392.pic-myspace.info
check out this pic of you on myspace! p1392.pic-myspace.info
According to the original post, it was using the domain pics-myspace.info, but on that same day pic-myspace.info was registered and the worm started using that instead. The whois information looks valid…?
Some helpful visitors have posted comments on how to remove it, check out SgSiaoKia’s comment and head over to Serena’s site for full instructions.
Just noticed there could be a potential nuisance worm going around MSN Messenger/Windows Live Messenger. Just like previous ones, once you have opened the URL, you become infected and it spreads the same message to your whole contact list. Avoid messages like this:
check out these pics of us! http://p1392.pics-myspace.info
Do not click those links. There maybe be different variants of the message but they will all contain the same link. Once you click it, you will be prompted to download an exe (at least when I did via Firefox). When run, it will infect your system and spread the message. So be careful, never click anything you don’t know about. More news about this and possible solutions to follow.
Update: The domain name has been removed so the threat has been removed. Quick thinking has prevented a major annoyance Or not! It’s now on a slightly different domain, see comment by Ian below.
Instant messaging security firm IMLogic said on Monday that attacks on IM networks increased to record levels, multiplying by fourteen times through the first three quarters of this year.
“Over the past three months the nature of the IM threat has continued to evolve with increasing levels of sophistication and rates of infection demonstrated by IM worms and viruses,” IMlogic CTO Jon Sakoda said.
The report concluded that MSN Messenger has been the recipient of the lion’s share of attacks, accounting for 62 percent of reported incidents. 31 percent targeted the AIM client, and another seven percent were aimed at Yahoo! Messenger users.
Full article at BetaNews, sourced via BigBlueBall