'Leaked' E-Mail About Windows Live Messenger Really A Trojan
The message, which refers to an alternate name for the upcoming Live Messenger, includes a link. Users who click on the link, then download and run the executable, are installing the Virkel.f Trojan.
By Gregg Keizer
Dec 27, 2005 11:28 AM
Helsinki-based F-Secure told users to ignore instant messages with the subject head "MSN Messenger 8 Working BETA" that go on to claim that "Messenger 8 BETA has been leaked!"
The message, which refers to an alternate name for the upcoming Live Messenger, also sports a link. Users who click on the link, then download and run the executable, are in reality installing the Virkel.f Trojan.
Virkel.f adds the compromised machine to a botnet, from which the hacker can update the Trojan with additional malicious code, to make the PC into a spam zombie or along with others, launch a denial-of-service (DoS) attack on Web sites. Virkel.f also shuts down anti-virus and security software, and blocks access to sites that belong to security vendors.
This bot worm spreads by hijacking IM contact names from an infected computer, then spimming those names with new messages about the "leaked" client.
Live Messenger, which is being tested by a limited number of users, recently made news when some began selling invitations to the beta test on eBay.
Source: Information Week