|
|
|
New MSN Messenger Trojan Spreading Quickly
By: Lisa Vaas
2007-11-20
Article Rating: / 59
There are 3 user comments on this Network Security & Hardware story.
Updated: An MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hour.A Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour.
The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances.
The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover VNCs—remote PC connections—as a means of increasing its growth vector.
The eSafe CSRT (Content Security Response Team) at Aladdin—a security company—detected the new threat propagating around noon EST on Nov. 18. At 18:00 UTC (Coordinated Universal Time), eSafe had detected 1 operator and more than 500 on-command bots in the network. Less than three hours later, or by 2:30 EST, when eWEEK spoke with Ofer Elzam, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour.
eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs.
The Trojan is an IRC bot thats spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable—a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable—for example, IMG34814.pif.
The files are infiltrating new systems by using either known contacts from which the Trojan has harvested instant messaging names, as well as from the systems of unknown users.
The infection vector—an IM program—isnt new. But the Trojan is the first that eSafe has tracked that has tried to scan for VNC (Virtual Network Computing) instances, likely in order to multiply the botnets number of connections.
Elzam said that the Trojan shares common characteristics with other Trojans, looking like "a flexible Swiss Army knife" with multiple processes to steal passwords, to spread the infection and to deliver spam, for example.
 Are VM rootkits the next big threat? Click here to read more.
Given the familiar social engineering aspect of the attack, individuals are being urged to not open files sent unexpectedly from either friends or strangers.
eSafe hasnt determined what criminal activity the botnet is up to at this point.
Editors Note: This story was updated to correct the erroneous interpretation that this Trojan was searching for VMs and to correct the name of Ofer Elzam. eWEEK regrets the errors.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������x}v6�EW--ִmy,u;=:� I)RCR;�[�7]hɗnwb["�PU(�
��y$sW7-gD.\sfS;q;O
Y%Tw>{�Ƶ(ˑԫ�1mS�HnwݶFN-gP'^��> \?g3Q;Y|���ߵ-m:��]'|�*U�n��p{#a_ʞ0�HQI�M"p8$j�>vn3d�#B�=x:a/M˟�l�ڮ�U�X'�[vB�䅠1FE��/t�#�J;rOG9"�ScO$ա�U�NIp/0��Q#@ڮ�S.�HVfIJ;g�uGg
bݩGMҵ�G(&�$g��v?�ǭQ If%��a��5g�?-�G`>N8C�En�O�U[۾�t�sgy@ff��.j.�9ac�M c
��Ї@2zz`N��{tXa_�dY7;�Ͱ-6@6CM-��*R?tދWcm9��2w7[ֺ[\)(�U���u�غs��m)k�m�}|vNzu~N�ox�9vy/o;YHM~g/DR�˅$D>��-Yu_G�5](E~o[�M�R=4,g��f�VҐ�g�UUYڭ^S~6.{vEz㳣v�;l,a�R422V,]鮘ȏwAժy|qӾlvnsMOV�Y;��i
Of�ɗV�\vO|���Q�&�:aZ+U}IͽGf9}jq�o]}<:o�$7cYn׳9�0omYn]H.)T|Y|ěy30si���2)�߆I&@w[��@ k+:YKc7������_f]-w��za4Z�@u�&�h�)5?�&�9gMa�b&DJH7�єy�e��$�}ВEtBAͨ8
.)J�!"xN3E�!\J�!]!
g�|��8Jn.b?
[�&�izlNTVʒ0Wb{g(�E�ށ:IxjUO�nqڂ)W�C���EhYf7-vI�9QM}sQc1x+%Y��Ee_U��_p�-~~l2B��c�Lt Ӈ` 0h
�vz!>PӚMj�q�OCGs�>H2胎6ml8�-�"�
,70}HG:QI�4�X0=�c�Og6%_�¤><� �&ztH۠h&r=�kI�ׇ.[??�� ;
G`p]�&;�xk�=`DMWt��C`��V��<� �2/?>�a�xs݀�̧P�}-�{&`sDowe����93(�S�JdN˕����] CRRP$S�]HPw9�J�
B�!\��0H��V0(VNR1i�Jl�Ri swRTD;7 KŔ=*%�nqR%a 934YIjL=?�j1!U�G�,D`v9J,L��.�[
ϴ�6�jԍe�bQ9Դr�>�Ҥ75�Z�K9b�i]yfm�,`b� HS��%\Ew,t�3�Asq=7�cBC�yu;J`z0aEiŬ9c߃19���iq^i.;[@Oe]Zr{Q^ӛA'~.
B[+�Y�&���&ےx��A-ʘ�ŗZZG"��JM�P>�V�"�Cɣ($�me6L�?I�n<�ϞZC}nvP
jrAjc#S�V-iV^Ϛe+ �L��
�4
���`�*�`b\0
N`Ncw
Asmt~o�:����*�l|0ː
t1
�J�kX�"lM
M=t�%�hx#e\�6�XbO`SF�CמO,.�{K�Iky]ؑ.�R\��|rj�N �� |4'Z>�ph`/Rݷ:ztqj )ՅI�,䧒\R
�~$�[�b"�ud\6˰@e9�ִ
&;tm۽&�zfdݙ0�1OK-�˙�@�#@:"X��'Ѡ�c�D8t_(+
#W��.;OY�*#؊��k��o` �2l�3q��/.zrȦ�2~�2EjƟR�p!< _qO7[faY8
^^�L}6݂�/]rϙ�,�|:�
'�31�2&
z@j9Abv�6�-�̓�wz&J��Ĵ\.[C5^-(�93+F]MM:f2/��c�X��dUM+%0c�3�YhSYlpg#H�]Ӟuus��lO>=�~
���/�#U�IV:#ݸM�ȫ"�>sԵлMc�l���~Jq3`�"象mBt�u_�+'&Gl�E6Xi�l=���vH|�f^G~{?I�~9p驔r�g�HWt�Z/3O�iq,
ҧP*~
EPGIռi0R�BE-) CoE�D\v���/Z&h�e~�6Kf?ͥ�Z57c�X�sB�x)�`fK�%���_v�ܖ[J,]A��a
u0
ЧlrKz]w\C8G̕=%(IX�\%=QX�u �Z:�T)�UU :*ijARϢpӁ9tGFl~" tDwe2qy27(k�Mi@���&ݙ}�adJ䦳T.jZ��b[)Uʹ�w�c"�i�!`0�X>=bxH��p?l]�Z.+~�d9#�T�`| @-a'd1s<�œo
=$Ԅ�ן;
+�~w?l)Ɂ$ |BJ�D;}ZPf�&��㘘�ٽ�~Ъ�%��&��b�}JV�~�ZgZ�qR�t,+?w~i7{g�}eO:i\?����&=~f�?<{�a�a=$gY/�ЏWKӇ/5.��If�R:$jpzxٔ��?���eF&{f�B�,
F8o�I�Ÿ9}/gvj4S隿ð
Nza��區���uz΅sѸ>m_/~�w;(!9o_dcxΕx\MC;�R}zyU4*$yq�p|hq\3)6MF�0SW5!�xidL�ik��-/ҹn9`B4c-ɅHg���fa�Eq0fVxy�_aݪ�,d"0�)&��Wtrȃ}��E9����ǀzB�*�lw�#i%LB�(�
�`E/Щ
c~�HF�rI'zRG�>egq�π/PAS�):�*9QZakѷo9Aߐ>O1Okw��tE�h[(k��h,�VbsZ;D:{d�Nlp
j`ySrg�F�4/�E/p�ǻ��"TS�8怌-ӤN)fTD�xi'>�fax!w�m q�%՝b" oBٸEO�,lm��&SsS)���" �m$jRSfj�# $_2JI,v+ht(lAW j��Ú�mf�/.i_n6D20�&@v�\f0Ӑ`�q�k�7É@P� V�-�QגZ4ҫoeW!9�
��lj9l01�t�a^�rW�Su"ıGH1D�:n�;��WQ
=d�Z�nW8Z7\ta}c|w=sF�'5\;�>'#v,Q7�}��X9�}�DK{,�i�;�;�?P.Zs��gOɍ2sXsc��l+ҿDž̳bt' !�iZפqw�j�`~%XDRo�BwGH|5|ÿ§ �� �r;k�קO�ƭtov/zMY�FЧ
ǻoc$Ǯv'ݻw�~Zw[q*A-wC�<-�L>?Gdc:� M"�I^U֩UdU)I]YDG㳑)G8���b[�`@L6COځ{�-�3(��#{F-2{K7Kx=*~�O�Ov4�]f+wuB%u-JKz%nwQ�h�r;D҂%y(qQ�#{�"F%{two��o�14��l*z3=}9[fv?kH��>dO#@/lvh6tY��~�AXy� �Vorl8Grs&�8<��O�$��euw#�S�'gSc3/H�F#%g�yS˱6mF�@|Ր����;ar*|�b��\<�e�&�qFL|{�rx�8=&�+/' g|o#&_M_k
w�S M�k/!/1�%CKѴg=.00yS�/r�K[�⹋^]:lQۍo%n2;-��fsX#f�oZ��D
+�'70o湕��VHn5��;<𥋜T�d)�9}FlM3/}t.�X�?.}/iZT-B8��6�63����%a��k!�"
��Ld B�|X��+IU%6y-]�g��_�3�E%jn\o"tIg�ZHmgn3�(�$�J�(�Y�p�~kzi?'Mٰ:�Q���5'KOۢ�MqBaD�``oH��
P?^g+�)H&�u,r�vQ&v K:vm�v�M֚�=÷�Nod�ЮCH
��(PiCAy�0
�ߑ0�x.�.7IGT�*`rUVᄨ�)GD�0�az�!�P$j�aף_8x9_�ֆ|Z|)>mE&�|+W_BP�^N$zj}ؽ�}aD�!EǘHot#xֳ7�ҋ0rw��Lt|���9"qKSjH�W��I� 4��1X�WcWMd
?�'!3_)�BNT~�S9L�,$v*jaXL|dj
# @�"�0@L;YC@ܱշCO!ILP
R�
�t/)�l�;)���x�hQ [NDO׳-,"mj�vA��b]߸:W�I_�ƝuEXTmg]d6W�ՓZ9���=.kfz^��څkclؽnjr6"v%�M�4L�u�S%A:/
x�jz>u�]u�fTj�=/C�g.@z���!|{<9�ڛZߴWsG6cݙ�Pg҂�W%.a]7��E=^:_��4)cꈗ�W�F*^
~{�Q֣�ue /Mdьx7�KJMt}%5�,X?e��`ׇ9 �/kg�H��B7ŸawcL�_i\x�x>t;#?
cD��&jJ+k��xçȂyI'.�)^' rK�~3�(�my}zk]aƈn p'װr>X//ty/@8_)=h%,#G=)+�%A.W�WA;2n�~0um%�.⛽Jh?ŗ@rW|k�gNt?]Uu{ѠB7Қ٢�k?1�Z[ƚLHj�~6}A˽=V4�
mX�[`8ËI{ONa�Y�mZۈY�5~GrW*eX
-}-'�RC4;M܃��yg�¡YKj|ubM*$t86�g�&e<�l~f"�=.�2b98X"O~
F�\&]ݽ]ż�|�Ms-�Eu~Z�]"6����qu` 2�]ö�뿓$ywg�1����%1Y~�Gj���OQ5)O.&;Fc�!D7K�YXCtU;ѥ�'k2u@w�wk7OaR�,:' "�E��/
<��7�zƅ=k<=q ��_n�ON3)��*a�ˊ�vמQN|l:[^*juo�?�
~E[s tP�b!�N4�#|ȮHA�"6,�A\ۦǝ��7X�Ns��J�(aږNP&Ʈ$��Jj��ad$ƽ^t�yϽgL���l�갺X�oZ���a0F_�1V&G�B�A8A�XJ�o,"�xa�C� q�uQ%�3t h#8iLʃz�^B=̨�sj4�1�!�ޒ�r>&ƘKjxgVQՒ|��Rӊ,w)]�dDo=?�:էBZcY��Wes[��ɣS#D4Xt�HU)
&
0Z`�>bTy
N]� �6L}^Šx!Vy
<�m�+=m<�
Ln&4*m'h�zBRKo^3C'�ܬXM`�ܮrG܀�c[�mQ�NaDXrӑ�'>��G�2�n-&�~iX�Qo>H�'*t=jh�DͤJd�i8]P)ÿCrz8
P�s�0]\+UMhբ
fG@VT9>be[ar�gֈO��Xie�c=�Hmy1y�RI+��-ݳaS�\*!E�L>MY�(q�|-�>"A�dӃR�q| lK��A�Lr�|{\�ۍ�9a@�jW3��qڕ3����{{i/1�~H+kѱ�˕<̜�Y|юMUbtM-R^@wyj�4Z�u,u{
cD̋:��c��%gevJf�0̊�ےV�o4J�ۅ]�aiJ %0�99�ݱ=�X�0w<:�IwJ
Ki�?R)!l$:*<�s�c6ڈj
T\SG%�KS0]LaLĈ�R>dD+9m��A�W1h=`ڈCUL�W<00t#P̲jN�T]OpY�_E�_�t[6f ` C�#:�&͙���)<]С��
�reOJoIgo4�> ��Pmļϴ@BSxq�&�wzGd.$!'�Bܔkgqw rF@Yj!u<H]�U#
`�xAG(��z`�~he{Z]
dKrP_[�{�/u�..�49a�(4x`G�!AN�x�l��0W $�
� [z[{�ϪC^����M}ScPx-�r9G}8[ֺp}U�1"ۗ�'p�`�\prd@K&L*2&�B�s�8���79|}�vtV�n�O�KZ�&9a� k(E6O8c�9�)[p���bZ!Ř!by^r�{fĄ1{(m<�fCcн�i_11Fiŷn(�l�;b21C|>OcX��G�DjbTȧ�]N*�@���`g*�#��?B5ij�u�SJTmn$|�s�g6�XLh0v�>�"(S[��]ă0>]q0ݏqWiN��&`b�{�,ywJ7`C'[�j�E�Y|ob{�LgA~\b�@Ԑ0�(VIB�u�XRFB(�s�
�f1H�gutl���Ca�h),f,�TՊR
&uU}�!2,��=VR⤽<>|Agu~^*ͷӄ^I+\A]��/ �PIZ��
�W{}G� }a3bru?��sM�"ݏGUݹ$G
�¶V-�r5�u�u;WOڗe/W?<�d kyl2/*�˙ΒQ�9l\28�ΈksYx�9%�y�*w�8l��IwO|;Rf�}Y
Q��JNi21Sh6[ݮMֆC}~ƫ�x]fMɱkfhw>��t{�r:X)`�чZIe r��!>E[=ҹlIJ/6�3?@ߠk(^_~�NmdwQ[_��4[�P~�sASiFO?Bg\͌r_;i_fC�?t3?C�<�>v�/2��Y���\d��"?/?/2�e2�OP)�2�(r�ˌ�̐K�ˌ@;�d�N~�+x*k���7��_/zB?�}OP)�'ߧ�@MV9M�@7��d_ry���rָ
)��QFy)W?R�E�rXB]dCy>++P/Үw2�ث�:�?3/��^�}NF&oN3��^a芪g-5nk
ǸJuv�^_B��KHe^ٛT2�GPipKxEó#�#�h��toĶ.�~EYAI{R}tE�OI>t�i@Lw<ߔ[nNJ>s\ȜHǣ�WɴFVی ]�9�|,y��|e8�Nt�<1 }^f1��.?�&v�' @9Nr m>v=yO^��^RqFPc�nu=
�!yqb�٤V`l}�Tq8 j5&pN!3J8?0�
fZ���gaJq`
a箩-g�7CtF
�{4�"uG`�f߰-� t6EM+�+J9wwrDa3=""CHITMV�YI2ZY/�+��PP�फ़��h�[iR�o視��y�Vi8a�n%[�C Dk(��x��YxcDz�_,mBfp�0l{|y�
ގe�@��?o��9X�,.#vR�'QW�+xǎ;bUocƥ��6�%dή�1v�fu̿6Y*p&U4^�Y"Dü��xl�4@;4�Hr(9Pų�l1@�Љ>�b�}L�.LESzq�;{08��,_bY\W�Yfq˭�d<@T6?�rކwr$m~H-�t{���#�KzU�xi�/��C4|'o�Az"0~.6�M�H�!vOj;C�ś��I��VN�Ί�qM
H@f�]32�/§On3A ��b5v^`cоx^�q4��Hl7c@诿J`Xk4~u#�aq�1$VSP}XGm:��Zd�^9�>~P~�C�
>1�1,}Ơ�)�e54��:X-5,l$9�=�A�Sh4�ϛW5���EXI%�i;jS鱽�$0\d�~\g;5[v 3R�,���`+/2^�;'���^]4���Xl=$~1|t,C&c��S���!m^Πo'b�_w4-YoˊL3t#mG3RVf�ХIG[=$sDs݅� ߠ(b/<%���*`>��
,��CP6�vo�>�caA��>X�X��e.,s(ŬBSd��=�)OB'[nIG\�k<>a�iЄΧ^p멎T�U|��J��A1^wKu!A]�=_�vs[>/'R`���{z��w1燸[�0tczN�z�'�8K�IJ���e�pCikZK�0Dq]�
�XâȖWqTR:!�;
/D?8-��ci,��;bcXJ
,�ozԛ'T�S*�4.>ϝn̯\2�xDh\"�P/�V~LʙkcPֽk�x�ٚջHR#SL�呓<��A�C9Xq�k @O=ל �r?vm�r�?O19�&rX >�ل6�sa�Ƚgz�^|j}�X���[�`*3F"�%hw2b5�����_yfOȅ�^`\YG��7�nykb�d!'˞tҸh>!�L*`g�o>!2D!6�xVws⿁�q)�m9EKB\7[i��B"E�wh6ۗɊxYοa(X�E�Ch��⍿C01�4[SˬZY$I#[ov[�b$-�U.ɾR�6vS��F'a9PU>\J�BS+$�WY/WfDN�Ƈ̚J܄;6�6BKFslx�6�1��9s.�(��
|
Network Security & Hardware 
