It’s an old story with a familiar ending but for users of Yahoo’s Messenger instant messaging application the emergence of a new worm that preys on people’s instinct to click before they think is wreaking considerable havoc.
This latest socially engineered malware scam first appears as a friendly invite from a contact in a user’s Yahoo Messenger account. What appears to be a smiley-faced invite to take a gander at some new photos is actually the first step down the slippery slope to becoming a botnet.
As eSecurity Planet explains, the vulnerability is compromising PCs running Windows operating systems, copying itself copies itself to the %WinDir%infocard.exe command file and then it adding itself to the Windows Firewall List.
Ultimately, the worm stops the Windows Updates service and looks for the Yahoo Messenger application on the users’ PC where it then starts spreading the malware to everyone on a user’s contact list.
A new and particularly virulent worm weaseled its way into the Yahoo Messenger community this week, infecting an unknown number of users after tricking them into clicking on link masquerading as “foto” or “fotos” from someone in their contact list.
According to a Symantec blog posting, once clicked the default browser is redirected to the worm executable which is also disguised with a misleading name that somewhat resembles a Facebook or MySpace page where someone would expect to find personal photos.