Symantec Warns of Worm Spreading through Yahoo Messenger
Security firm Symantec this week issued a warning about a new Yahoo Messenger worm making the rounds. According to Symantec, the worm spreads by sending messages to victims from contacts in their list. The compromised IM contains a link that claims to be a photo but really points to a malicious executable on the Web.
Clicking the link itself won't harm your PC. Instead, the worm relies on old-fashioned tech newbness in hopes that the potential victim won't pay attention to the file they're downloading, which is a dirty executable and not a JPEG, PNG, or any other image file.
If executed, the worm copies itself to %WinDir%\infocard.exe and then adds an exception for itself to the Windows Firewall List. It also stops the Windows Updates service and sets a registry value so that it runs on bootup. If you suspect your PC or someone else's has been compromised, the registry value you're looking to eradicate is:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Firewall Administrating" = "%WinDir%\infocard.exe"
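A read-only triage check for the host indicators listed above, written here as an added PowerShell example (it is not from Symantec or from the article). The file path and Run value name come from the article; the Wow6432Node Run key and the firewall policy key locations are assumptions about where Windows stores these entries.

```powershell
# Added example: read-only triage for the indicators named in the article.
# Run from an elevated Windows PowerShell prompt; nothing is modified.
$dropPath = Join-Path $env:WinDir 'infocard.exe'   # path from the article
$runName  = 'Firewall Administrating'              # value name from the article
$findings = @()

# 1. Dropped copy of the worm directly under %WinDir%.
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $f = Get-Item -LiteralPath $dropPath -Force
    $findings += "File: $dropPath ($($f.Length) bytes, modified $($f.LastWriteTime))"
}

# 2. Autorun value. The Wow6432Node key is an assumption: it is where a
#    32-bit process's HKLM\SOFTWARE write lands on 64-bit Windows.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $p = Get-ItemProperty -Path $key -Name $runName -ErrorAction SilentlyContinue
    if ($p) { $findings += "Run value: $key\$runName = $($p.$runName)" }
}

# 3. Firewall exception. Key locations are assumptions (XP-style authorized
#    applications lists and the Vista-and-later rule store). Review the full
#    path of any hit: only a copy directly under %WinDir% matches the article.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$fwKeys = "$fw\StandardProfile\AuthorizedApplications\List",
          "$fw\DomainProfile\AuthorizedApplications\List",
          "$fw\FirewallRules"
foreach ($key in $fwKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $entry = "$name $($k.GetValue($name))"
        if ($entry -match '\\infocard\.exe') { $findings += "Firewall: $key -> $entry" }
    }
}

# 4. Windows Update service state. A stopped service is only corroborating
#    evidence; it can be stopped for unrelated reasons.
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($wu -and $wu.Status -ne 'Running') { $findings += "Service: wuauserv is $($wu.Status)" }

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No indicators from the article were found on this host.' }
```

A hit on the file or the Run value is the strong signal; the firewall and service checks only add context to it.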
Anyone run into this?

Image Credit: Symantec
Comment
Daemon
May 07, 2010 at 2:19pm
Yahoo exploitation, among many, is a hobby taken on by a great many lamers. Everything from name cracking to booting and cookie exploitation goes on day in and day out. 80% of Yahoo chat is overrun with robots and spambots. Yahoo Inc. themselves seem to not care about the users. There is also a thriving black market of endless booter sites such as viprasys that exploit these weaknesses. Yahoo has to be an exercise in futility since Yahoo Inc. is very slow to react when it comes to patching holes or providing assistance to their clients. In addition, Yahoo security or indeed customer service is fairly insulated from the common user; getting ahold of anyone at Yahoo to correct anything itself is nigh impossible. Yahoo Inc. itself seems to not care. Posting anything to the official Yahoo Messenger Blog to highlight such problems is summarily dismissed and deleted from the blog since it just casts a negative light on Yahoo's shining jewel. In spite of all this they still get awards for their exploitable chat system. Bots, sex spam, booters, crackers, you name it, always have the upper hand; users keep being punished while the bad elements get away scot-free with extra lulz. In ten years of using Yahoo chat, all I've seen are users being abused and punished from all sides, all the while Yahoo Inc. turns a blind eye.