Caution: New Yahoo Messenger Worm

Thursday a worm was spreading through Yahoo Messenger. The worm tricks users into downloading an image from a friend. The link is malware that installs a backdoor on Windows systems and spreads itself to a victim’s IM contacts. It is considered very dangerous.

Do not fall for a message from a contact using a smiley icon and an image link with the word ‘photo’. The link will take you to what looks like a social networking Web site. The link really opens an exactable file (.exe). If you are using a Mac you are safe but if you are using Windows, the file will download. If the user then clicks ‘run’ the computer will become infected and the malware will be distributed to all of your IM contacts. If your contact opens the worm it will keep spreading and so on.

According to Symantec: “Once run, the worm copies itself to %WinDir%\infocard.exe, and then it adds itself to the Windows Firewall List,” modifies registry keys, and stops the Windows Updates service. Symantec detects the malware as W32.Yimfoca and said it affects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, and Windows 2000.

Advertisements