New Messaging Worm Spotted; Security Concerns for IM Users on the Rise

Ever gotten weird-looking messages with suspicious links from a friend, only for him to claim he never sent them when you asked? Beware: you and your friend might have fallen victim to a messaging worm.

The antivirus firm BitDefender has reported that a new instant messaging (IM) worm has been spotted. The worm uses a variety of methods to beat security programs and even to catch suspicious users off-guard. The worm, Backdoor-Tofsee, only infects PCs running Skype and Yahoo Messenger and leaves the others alone.

How It Ticks

Once it finds a user running these applications, the worm checks whether the target system is running suspect code through a virtual machine layer (a security technique employed by some but not all antivirus systems). If this defense technique is detected, it terminates itself.

However, it will also try to sabotage the virtual machine detection system by spawning a 'suspended' child process in memory and then killing the parent process that might be detected by the security system. The success rate of this tactic is not yet clear; the same goes for its creation of child processes to stay out of reach of the debugging system. Still, this looks like a well-thought-out attack on current virtual machine security.
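The suspended-child-then-dead-parent pattern described above leaves a recognizable trace in process lineage. The following detection sketch is an added example, not code from the original post or from BitDefender's report; the event schema, the sample records, and the 2-second window are all assumptions made for illustration, and a real deployment would need to tune out legitimate launchers that behave similarly.

```python
"""Flag a process created suspended whose parent exits shortly afterwards."""
from typing import NamedTuple, Optional

class Event(NamedTuple):
    ts: float                  # seconds since start of capture
    kind: str                  # "create" or "exit"
    pid: int
    ppid: Optional[int] = None
    image: str = ""
    suspended: bool = False    # process was created in a suspended state

# Constructed sample telemetry; the schema is hypothetical, not a real EDR format.
SAMPLE = [
    Event(0.0, "create", 100, 1, "explorer.exe"),
    Event(1.0, "create", 200, 100, "skype.exe"),
    Event(5.0, "create", 300, 100, "photo_viewer.exe"),
    Event(5.2, "create", 301, 300, "photo_viewer.exe", suspended=True),
    Event(5.4, "exit", 300),                        # parent gone 0.2 s after spawn
    Event(9.0, "create", 400, 100, "setup.exe"),
    Event(9.5, "create", 401, 400, "setup_helper.exe", suspended=True),
    Event(40.0, "exit", 401),                       # child exits before its parent
    Event(41.0, "exit", 400),
    Event(50.0, "create", 500, 100, "updater.exe"),
    Event(50.1, "create", 501, 500, "updater.exe"), # child was not suspended
    Event(50.3, "exit", 500),
]

def find_orphaned_suspended(events, window=2.0):
    """Return (child_pid, parent_pid, gap_seconds) for each suspicious pair."""
    watched = {}    # parent pid -> [(child pid, child creation time)]
    alive = set()   # pids currently running (PID reuse is ignored here)
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "create":
            alive.add(ev.pid)
            if ev.suspended:
                watched.setdefault(ev.ppid, []).append((ev.pid, ev.ts))
        elif ev.kind == "exit":
            alive.discard(ev.pid)
            # The exiting process may be the parent of a suspended child.
            for child, born in watched.pop(ev.pid, []):
                gap = round(ev.ts - born, 3)
                if child in alive and gap <= window:
                    hits.append((child, ev.pid, gap))
    return hits

if __name__ == "__main__":
    for child, parent, gap in find_orphaned_suspended(SAMPLE):
        print(f"pid {child}: created suspended, parent {parent} exited {gap}s later")
```

Only the first pair in the constructed data is flagged: the installer's helper exits before its parent, and the updater's child was never suspended.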

The worm also has a 'last line of defense': a rootkit, which attempts to hide its own files and block access to a range of antivirus-related URLs, support and download forums, and Windows Update. This is a more standard technique, but no less effective if the worm finds a home on the PC.

How It Spreads

Its cleverest tactic of all, though, may be the way it spreads beyond the initial infection. Unlike others of its kind, which simply open a chat session at a random point with a random contact found in the infected user's address book, it waits until a conversation is in progress before opening a chat window with a malicious link. This more advanced method is far more likely to catch Skype and Yahoo users off-guard.

The worm can also tailor its conversations to a range of countries and languages, including Spanish, German, Dutch, Italian and French, as well as English, and is able to vary its conversational openers from one message to another.

Verdict

After all this, the purpose of the worm is almost ordinary. As with almost all Trojan malware out there, it tries to take control of the system for any one of a number of purposes. The use of Skype and Yahoo Messenger is merely a convenient channel. So, a word of advice to fellow users: keep your system security tight with the latest antivirus/antimalware programs, and always keep them updated.
