New MSN Messenger Trojan Spreading Quickly

An MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hour, adding VMs to the mix as well. A Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier today, and is being used to discover virtual PCs as a means of increasing its growth vector.

The eSafe CSRT (Content Security Response Team) at Aladdin—a security firm—detected the new threat propagating around noon on Nov. 18. At 18:00 UTC/GMT, eSafe had detected 1 operator and over 500 on-command bots in the network. Less than three hours later, or by 2:30 E.D.T., when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a zip file with two names. One of the names includes the word "pics" as a double extension executable—a name generally used by scanners and digital cameras: i.e., DSC00432.jpg.exe. The Trojan is also contained in a Zip file with the name "images" as a pif executable—i.e., IMG34814.pif.
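The two naming tricks described above (an image-looking name with a trailing executable extension, and a bare .pif) can be checked for at a mail or file gateway before a user ever opens the archive. The following is an added example, not code from eWEEK or eSafe; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile

# Assumed list of extensions Windows runs directly; .pif is a legacy
# shortcut type that is executed like a program.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Assumed list of decoy extensions that make a name look like a photo.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one file name."""
    # Keep only the final path component; Windows ignores trailing dots/spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    parts = base.split(".")
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    # strip() catches names padded with spaces to push the real extension off screen.
    if len(parts) >= 3 and "." + parts[-2].strip() in IMAGE_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Map each suspicious member of a zip archive (given as bytes) to its finding."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict:
                findings[info.filename] = verdict
    return findings


def build_sample_zip(names):
    """Constructed test archive: harmless text members with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["DSC00432.jpg.exe", "IMG34814.pif", "holiday.jpg"])
    for member, verdict in scan_zip(sample).items():
        print(f"{verdict:17} {member}")
```

The check reads only the archive's member names, so nothing inside the archive is extracted or executed.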

View: Full Story @ eWeek


16 Comments


My brother got this, got right past avast, I immediately knew the file was a virus when someone sent it to me (don't even have av and didn't get infected) and did not open it (Although my dumb brother did immediately), you'd have to be dumb to open a random .exe file from someone saying crap like "Is this your cousin" "I can't believe we did that" this virus is a bitch to get rid of too I just ended up formatting his computer because it needed it anyway.

Whereas you have a point, you are somewhat incorrect: MSN Messenger is not dead. In fact, you cannot install Windows Live Messenger on operating systems older than XP. As such, MSN Messenger will continue to be supported (as far as security issues are concerned) for some time to come.

I was not hit by it, but I have dozens of people in my msn with this on their PCs, they keep asking me how to remove it.

@yakumo so you say this is a virus too... if yes, thanks for nothing @pureplayaz

I don't understand how people fall for this...... Honestly, some people are so immature when it comes to the internet.

'Oh, my friend that I haven't talked to in months just sent me a file called lol.jpg.exe, and didn't say anything else to me! I should open this even though I know it's not a picture because it says it's not and windows is giving me security warnings!'

Maybe it's dumb for friends you haven't talked to in months, but the exploit supposedly works because of social engineering. So the thought goes like this "Why would my friend infect me?"

Exactly what I was thinking, if you don't understand a file with the extension "exe" or "com" or in this case "pif" means it's obviously NOT a picture.. then either learn some basic pc stuff or hold yourself from opening just anything coming your way without thinking twice, it's simply the same with anything else in the real world. It's all in having a brain imo.

Sorry to burst their bubble but this was happening last month at my work place. It got past the corporate a/v and this is the exact same trojan method that infected the higher ups. Problem is when the message of your contact contains take a look at my naked summer pics. You don't accept the file. What's worse it's a resident memory trojan. So the laptops you gotta yank out the batteries to kill it.

I have seen someone on my buddy list infected by this like 4 weeks ago now, I almost fell for it, thank God OneCare warned me about the infected file and denied access to it before I had a chance to open it, I just received a message from a friend that went something like this: "Here, remember when you looked like that? you should put these pics on your myspace!" the message was in Spanish and it came from my cousin who lives in Spain, I tried to message him several times to let him know he is infected but he never replied back, which makes me think the trojan might be connecting to the MSN network with his username/pass without him even being connected himself, or perhaps the messages I sent to him were being blocked by the malware, very strange, but certainly noticed this weeks ago.

Boogiman said,
Uhm, is it me or is this ****er active for a couple of days now....

Had my attack 4 days ago....

Well, according to the eWeek article, they
... detected the new threat propagating around noon on Nov. 18. At 18:00 UTC/GMT
So, I guess you found it four days before they did!