RealTime IT News

Worm Strikes The Wrong Chord

A worm packing a malicious punch is on the loose, disguised as a music file and making its way through the wild via AOL's Instant Messenger.

The new version of the Opanki worm has been hitting some sour notes with IM users by posing as an iTunes file named iTunes.exe. It is designed to lure the unsuspecting into thinking it is part of the iTunes Music Store, according to security firm Trend Micro.

Once a machine is infected, WORM_OPANKI.Y sends a message to the user's online contacts with the text: "this picture never gets old." The message links to a Web page where recipients are instructed to download an image file. Once a user downloads the file, spyware is activated.

"We have taken aggressive steps to halt this new Opanki worm's spread, and have been successful in significantly slowing its progress," Krista Thomas, AOL spokeswoman, said. "We expect to shut it down entirely over the next 24 hours."

If engaged, the worm is installed on the PC and opens a port that's used to upload adware, according to Trend Micro.

"This worm has backdoor capabilities. It opens a random TCP port and connects to the Internet Relay Chat server xyz.legi0n.net. Once connected, it joins the IRC channel fate, where it listens for commands from a remote malicious user. It then executes these commands locally on affected machines," the Trend Micro alert said.
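The check-in the alert describes (an outbound connection to an IRC server followed by a channel join) can be looked for in captured outbound traffic on any port. The sketch below is an added example, not code from the article or from Trend Micro; the function names, flow format and sample payloads are constructed, and it assumes the channel appears on the wire with the usual `#` prefix.

```python
# Added example: flag outbound TCP flows that look like the IRC check-in
# described in the Trend Micro alert. All sample flows are constructed.
ALERT_HOST = "xyz.legi0n.net"   # IRC server named in the alert
ALERT_CHANNEL = "fate"          # channel named in the alert (prefix assumed)

def parse_irc(payload: bytes):
    """Return (COMMAND, [params]) tuples from raw client-to-server bytes."""
    out = []
    for raw in payload.split(b"\n"):
        line = raw.strip().decode("ascii", "replace")
        if line.startswith(":"):              # optional message prefix
            line = line.partition(" ")[2]
        head, _, trailing = line.partition(" :")
        parts = head.split()
        if not parts:
            continue
        params = parts[1:] + ([trailing] if trailing else [])
        out.append((parts[0].upper(), params))
    return out

def assess_flow(dst_host: str, payload: bytes):
    """Return findings for one outbound flow, independent of the port used."""
    cmds = parse_irc(payload)
    names = {cmd for cmd, _ in cmds}
    findings = []
    if {"NICK", "USER"} <= names:             # IRC client registration
        findings.append("irc-registration")
    channels = set()
    for cmd, params in cmds:
        if cmd == "JOIN" and params:
            channels |= {c.lstrip("#&").lower() for c in params[0].split(",")}
    if dst_host.lower().rstrip(".") == ALERT_HOST:
        findings.append("alert-host")
    if ALERT_CHANNEL in channels:
        findings.append("alert-channel")
    return findings

# Constructed sample flows: (destination host, first client bytes)
SAMPLE_FLOWS = [
    ("xyz.legi0n.net", b"NICK a1b2\r\nUSER a1b2 0 * :x\r\nJOIN #fate\r\n"),
    ("irc.example.test", b"NICK bob\r\nUSER bob 0 * :Bob\r\nJOIN #help\r\n"),
    ("www.example.test", b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for host, payload in SAMPLE_FLOWS:
        print(host, assess_flow(host, payload))
```

A flow that only shows "irc-registration" is ordinary IRC use and needs context before it is treated as suspicious; the two alert-specific findings are what tie a flow to this report.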

Trend Micro gives the worm an overall risk rating of low.

Threats targeting instant messaging and P2P networks exploded last month, as reports jumped nearly 400 percent.

P2P and IM worm scripters continued the assault primarily with 22 variants of the Kelvir worm, three of the Opanki worm and three of the Oskabot worm, according to a report issued by Akonix earlier this month.