A MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hou, adding VMs to the mix as well. A Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintences. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier today, and is being used to discover virtual PCs as a means of increasing its growth vector.
The eSafe CSRT (Content Security Response Team) at Aladdin—a security firm—detected the new threat propagating around noon on Nov. 18. At 18:00 UTC/GMT, eSafe had detected 1 operator and over 500 on-command bots in the network. Less than three hours later, or by 2:30 E.D.T., when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a zip file with two names. One of the names includes the word "pics" as a double extension executable—a name generally used by scanners and digital cameras: i.e., DSC00432.jpg.exe. The Trojan is also contained in a Zip file with the name "images" as a pif executable—i.e., IMG34814.pif.
View: Full Story @ eWeek
The eSafe CSRT (Content Security Response Team) at Aladdin—a security firm—detected the new threat propagating around noon on Nov. 18. At 18:00 UTC/GMT, eSafe had detected 1 operator and over 500 on-command bots in the network. Less than three hours later, or by 2:30 E.D.T., when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a zip file with two names. One of the names includes the word "pics" as a double extension executable—a name generally used by scanners and digital cameras: i.e., DSC00432.jpg.exe. The Trojan is also contained in a Zip file with the name "images" as a pif executable—i.e., IMG34814.pif.
View: Full Story @ eWeek
Had my attack 4 days ago....
Had my attack 4 days ago....
'Oh, my friend that i havn't talked to in months just sent me a file called lol.jpg.exe, and didn't say anything else to me! I should open this even though i know its not a picture because it says its not and windows is giving me security warnings!'
follow this link i was hit by it too this one works without restarting ur pc and nothing to do with registry
@yakumo so you say this is a virus too... if yes, thanks for nothing @pureplayaz
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.