There is a new malware worm spreading through Yahoo Messenger.
What is it? How does this malware infect computers? What does it do to infected computers? Well, just a little common sense can keep your computer free from this Yahoo Messenger worm.
Symantec (makers of Norton AntiVirus) recently announced the discovery of a new worm spreading through Yahoo Messenger.
Yahoo Mail is one of the most popular online email services, and many people also use Yahoo Messenger as an instant messaging client. Yahoo makes using Messenger very easy when you have Yahoo Mail, so many people do use it. There is the potential for very many computers to get infected.
Symantec calls the worm W32.Yimfoca.
How does this Malware Worm work?
The potential victim (you) receives an instant message from a friend. The instant message contains a link that supposedly leads to a photo. Once clicked, the default browser is redirected to download the worm (the file has a .exe extension at the end, a dead giveaway that this is not a photo). If the user clicks to “open” the photo, it really runs and installs the worm.
The worm then adds itself to the permitted list of your firewall. It modifies the registry so that the worm runs whenever the computer is booted, with control over the firewall (the firewall is supposed to keep bad programs like the worm from sending and receiving or using the internet on your computer). This is a bit like a terrorist being in charge of who can get on or off a plane he is going to hijack. Nothing good can come from this.
It also blocks any Windows Updates from occurring or being run by the user.
The worm then sends itself to other people using your Yahoo Messenger contact list.
This is the difference between a worm and a plain old computer virus. Generally, a virus simply attaches itself to files that may get sent to another computer and relies on outside help to move there. A worm tries to wiggle itself over to another system and infect it without someone else transferring it along with another file.
The worm may also be able to download other malware to your computer.
As it does all this, it may actually download a photo so you don’t realize your computer was infected. Don’t think you’re OK just because you actually saw a photo when you clicked on a link. Your computer is still trying to infect your friends.
How to keep your computer from getting infected by this malware worm.
- First, never click on a link that has .exe in it anywhere. As part of that, remember links can be long and may have something like .com.exe or it may be long enough for you to see the .com while the .exe is hidden.
- Make sure your antivirus is up to date. Symantec and other anti-virus companies have already added this to the malware they block, but this software relies on social engineering to trick you into thinking this is a photo from a friend. Anti-virus will not catch everything every time, especially if the software is not updated.
- If you’re using Yahoo Messenger, be extra careful about links and files sent to you – even from a friend. Double check and make sure your friend really did send it before you click. You may help him or her discover they have a computer infected with malware.
- Tell your friends with Yahoo Email accounts and Yahoo Messenger accounts so they don’t get infected. You can say “Hey, you know about the new Yahoo Messenger worm, right?” Or you could say “I just heard there is some malware targeting Yahoo users like me and you, did you hear about it yet? THEN WHY DIDN’T YOU TELL ME?” (the all caps means you yell that at them) That way, you won’t be telling them “You moron, your computer is infected with the Yahoo Messenger worm” when you get that photo link from them. You could also point them to this site and tell them to subscribe so they know about these things before it causes problems.
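The first tip above (look for a .exe hidden in a long link, such as .com.exe) can also be checked automatically. The following is an added example, not part of the original post: it pulls the real file name out of a link, including percent-encoded and query-string names, and flags executable extensions. The function names, the extension lists and the sample links are assumptions made for this illustration.

```python
import posixpath
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed lists for this example, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".com"}


def candidate_names(url):
    """Yield each file-name-like string in the URL: the last path
    segment and the value of every query parameter."""
    parts = urlsplit(url.strip())
    # The host name is ignored on purpose: ".com" there is not a file.
    yield posixpath.basename(unquote(parts.path))
    for _key, value in parse_qsl(parts.query):  # values arrive decoded
        yield posixpath.basename(value)


def check_link(url):
    """Return a list of (file name, reason); empty means nothing flagged."""
    findings = []
    for name in candidate_names(url):
        # Windows drops trailing dots and spaces, so ignore them too.
        name = name.rstrip(". ").lower()
        stem, ext = posixpath.splitext(name)
        if ext not in EXECUTABLE_EXTS:
            continue
        inner = posixpath.splitext(stem)[1]
        if inner in DECOY_EXTS:
            findings.append((name, f"decoy extension {inner} before {ext}"))
        else:
            findings.append((name, f"executable extension {ext}"))
    return findings


# Constructed sample links (example.test is a reserved test domain).
SAMPLES = [
    "http://photos.example.test/album/IMG_0042.jpg",
    "http://photos.example.test/album/IMG_0042.jpg.exe",
    "http://photos.example.test/view.php?file=friend%2Ephoto%2Ecom%2Eexe",
    "http://www.example.com/dl/PHOTO%2EEXE",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "nothing flagged")
```

A clean result only means the link does not name an executable file; it says nothing about where a redirect might lead after the click.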
The Yahoo Messenger worm is not dangerous if you know it is out there and what to do.
It relies on social engineering (that’s getting people like you and me tricked into letting it run). When people are educated about the issue, the chance for the worm to spread is ended.
There are a lot more scary things out there to worry about – like the rise of the botnet, which I will be posting sometime soon.