The “Worm.Ckbface.adj” worm is spreading via Yahoo Instant Messenger. It tricks people into downloading what they think is a picture from a friend but is instead malware that installs a backdoor on Windows systems and spreads to the victim’s IM contacts.

The worm arrives via a message from a contact with the word “picture” or “pictures” along with a link to a Web site resembling a Facebook page, MySpace page, or some other page where photos might reside.

If the user clicks on the link, the executable is downloaded. If the user then runs the file, the computer becomes infected and the malicious message is distributed to all of the user’s IM contacts.
Once run, the worm copies itself to %windir%\jusched.exe and turns the computer into an advertising cash cow for some enterprising malware distributor. The worm modifies the active browser’s home page setting to a malicious page on domredi.com.
We recommend that any Yahoo Messenger user who receives a suspicious instant message with a link first IM their friend to ensure the message is legitimate before moving forward. Users should not download executable (.exe) files that are sent through Yahoo Messenger.
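The two host indicators described above (a copy at %windir%\jusched.exe and a home page on domredi.com) can be checked against a file and browser-settings inventory. The following is an added example, not code from Quick Heal; the snapshot format, function names and sample values are assumptions, and the sample inventory is constructed.

```python
import ntpath
from urllib.parse import urlsplit

# Indicators taken from the write-up above.
DROP_NAME = "jusched.exe"
BAD_DOMAIN = "domredi.com"


def is_worm_drop_path(path, windir=r"C:\Windows"):
    """True only for jusched.exe sitting directly in the Windows directory.

    The Java update scheduler uses the same file name but installs under
    Program Files, so matching on the name alone would give false positives.
    """
    norm = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(windir))
    return ntpath.dirname(norm) == root and ntpath.basename(norm) == DROP_NAME


def points_to_bad_domain(home_page):
    """True if the home page host is domredi.com or one of its subdomains."""
    url = home_page.strip()
    if "://" not in url:
        url = "http://" + url  # home page values are often stored without a scheme
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Compare on the parsed host, not by substring, to avoid look-alike matches.
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)


def triage(snapshot, windir=r"C:\Windows"):
    """Return findings for one host snapshot (dict with 'files' and 'home_pages')."""
    findings = [("file", p) for p in snapshot.get("files", [])
                if is_worm_drop_path(p, windir)]
    findings += [("home_page", f"{browser}: {url}")
                 for browser, url in snapshot.get("home_pages", {}).items()
                 if points_to_bad_domain(url)]
    return findings


# Constructed sample inventory, not data from a real host.
SAMPLE = {
    "files": [r"C:\WINDOWS\JuSched.exe",
              r"C:\Program Files\Java\jre6\bin\jusched.exe",
              r"C:\Windows\System32\notepad.exe"],
    "home_pages": {"ie": "http://www.domredi.com/",
                   "firefox": "https://example.org/?ref=domredi.com"},
}

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```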
Thanks Mahesh.
Posted on 12 April 2011. Tags: Messenger, Spreading, Worm.Ckbface.adj, Yahoo
The above information is reprinted from and copyrighted © by Quick Heal.