A Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances.
The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier today, and is being used to discover virtual PCs as a means of increasing its growth vector.
The eSafe CSRT (Content Security Response Team) at Aladdin, a security firm, detected the new threat propagating around noon on Nov. 18. At 18:00 UTC/GMT, eSafe had detected 1 operator and over 500 on-command bots in the network. Less than three hours later, or by 2:30 E.D.T., when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour.
eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs.
The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable, a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable, for example, IMG34814.pif.
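The naming pattern described above can be checked on zip attachments before a user opens them. The following Python is an added example, not code from eSafe or from the article; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory with placeholder contents.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}


def classify_member(name):
    """Return a reason string if a zip member name looks like a lure, else None."""
    # Keep only the final path component; Windows ignores trailing dots and spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ")
    # Strip each extension so space padding ("x.jpg    .exe") cannot hide the pattern.
    exts = ["." + part.strip().lower() for part in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "image-style name with executable extension " + exts[-1]
    return "executable extension " + exts[-1]


def scan_zip(data):
    """Return {member_name: reason} for suspicious members of a zip given as bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample_zip(names):
    """Build a constructed in-memory zip whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample using the two file names quoted in the article plus a benign one.
    sample = build_sample_zip(["DSC00432.jpg.exe", "IMG34814.pif", "holiday/DSC00433.jpg"])
    for member, reason in scan_zip(sample).items():
        print(member, "->", reason)
```

A name-based check only catches the disguise; it says nothing about the content of files with ordinary names, so it belongs alongside content scanning rather than in place of it.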
The files are infiltrating new systems by using either known contacts from which the Trojan has harvested instant messaging names, or the systems of unknown users.
The infection vector, an IM program, isn't new. But the Trojan is the first that eSafe has tracked that has tried to scan for VNC (Virtual Network Computing) instances, likely in order to multiply the botnet's number of connections.
Lichtman said that the Trojan shares common characteristics with other Trojans, looking like "a flexible Swiss Army knife" with multiple processes to steal passwords, to spread the infection and to deliver spam, for example.
