A new variant of an old computer worm is being distributed through instant-messaging (IM) spam, researchers at BitDefender and Symantec have warned.
What users receive is a short unsolicited instant message containing a smiley face and a link that is supposed to lead to an image. In this case, the spam campaign appears to target Yahoo! Messenger users.
For BitDefender, it is an "extremely aggressive worm plaguing instant messaging". Instead of an image, the link delivers a fake JPG that turns out to be an executable carrying the payload Worm.P2P.Palevo.DP. It is thus a new variant of an old worm that is about to wreak havoc on unprotected Windows systems.
According to the Romanian vendor, Palevo.DP creates hidden files in the Windows folder (mds.sys, mdt.sys, winbdr.jpg, infocard.exe) and modifies the registry accordingly to point to these files and to disable the operating system's firewall. The malware also has a backdoor component and intercepts passwords and form data in IE and Firefox. It also affects users of P2P platforms such as Shareaza or eMule by adding its code to shared files.
An unpleasant worm, then, as portrayed by BitDefender. Symantec has also identified the threat, which it calls W32.Yimfoca. It should be stressed, however, that because the malicious file is an executable, the targeted user has to launch it, while expecting an ordinary JPG.
This type of attack is nothing new, but it could trap novice users. So far the infection has been largely concentrated in countries such as Romania, Mongolia and Indonesia. It is expected to spread to other countries, including the United States, since Yahoo! Messenger is very popular.
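The lure depends on a file that is presented as a JPG but is really a Windows executable. The following added example (not from the article or from either vendor) shows a defensive check that compares a file's name with its actual header; the file names and byte stubs are constructed samples, and flagging double extensions such as `.jpg.exe` goes beyond the single case the article describes.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_EXTS = {".jpg", ".jpeg"}

def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"

def is_jpeg_file(path):
    """True if the file starts with the JPEG start-of-image marker."""
    with open(path, "rb") as fh:
        return fh.read(3) == b"\xff\xd8\xff"

def scan(root):
    """Return (file name, verdict) for files named as JPEGs whose content disagrees."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        suffixes = [s.lower() for s in p.suffixes]
        if not p.is_file() or not IMAGE_EXTS.intersection(suffixes):
            continue
        if is_pe_file(p):
            findings.append((p.name, "executable"))
        elif suffixes[-1] in IMAGE_EXTS and not is_jpeg_file(p):
            findings.append((p.name, "not-a-jpeg"))
    return findings

def demo():
    """Run scan() over constructed sample files (inert header stubs, not malware)."""
    # 64-byte DOS header with e_lfanew = 0x40, followed by the PE signature.
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    jpeg_stub = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [("holiday.jpg", jpeg_stub), ("picture.jpg", pe_stub),
                           ("photo.jpg.exe", pe_stub), ("notes.jpg", b"plain text")]:
            Path(tmp, name).write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:12} {name}")
```

The same header comparison can be applied at a mail or download gateway, where the declared file type is equally untrustworthy.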