A worm packing a malicious punch is on the loose, disguised as a music
file and making its way through the wild via AOL’s Instant Messenger.
The new version of the Opanki worm has been hitting some sour notes with
IM users by posing as an iTunes file named iTunes.exe. It is designed to
lure the unsuspecting into thinking it is part of the iTunes Music Store,
according to security firm Trend Micro.
Once it has infected a machine, WORM_OPANKI.Y sends a message to the
user’s online contacts with the text: “this picture never gets old.” The
message links to a Web page where recipients are instructed to download an
image file. Once a user downloads the file, spyware is activated.
“We have taken aggressive steps to halt this new Opanki worm’s spread,
and have been successful in significantly slowing its progress,” Krista
Thomas, AOL spokeswoman, said. “We expect to shut it down entirely over the
next 24 hours.”
If engaged, the worm is installed on the PC and opens a port that’s used
to upload adware, according to Trend Micro.
“This worm has backdoor capabilities. It opens a random TCP port and
connects to the Internet Relay Chat server xyz.legi0n.net. Once connected,
it joins the IRC channel fate, where it listens for commands from a remote
malicious user. It then executes these commands locally on affected
machines,” the Trend Micro alert said.
Trend Micro gives the worm an overall risk rating of low.
Threats targeting instant
messaging and P2P networks exploded last month, as reports jumped nearly
P2P and IM worm scripters continued the assault primarily with 22
variants of the Kelvir worm, three of the Opanki worm and three of the
Oskabot worm, according to a report issued by Akonix earlier this month.