Don't Be Waylaid - This Is A Worm

Users of Instant Messaging and Internet Telephony software Skype need to be on the lookout. According to security firm MicroWorld Technologies, a Worm named Win32.Pykse.a is on the loose, spreading through an Instant Message that shows a skimpily clad picture of Sandra, a model, in return of installing the malware in their computers.

The link to the Worm comes as a message using the Skype API, chosen from a list of random links pointing to a jpg image hosted on Russian Websites. Then the tricky malware turns off the message alert feature in Skype so that a notification message will not be shown to the targeted user when he or she receives the malicious message.

As soon as the victim clicks the link, a Trojan Downloader is pushed into the computer, which goes ahead and brings in Pykse.a. Once inside the computer, the Worm attempts to connect to several websites, most of which are seemingly associated with click fraud scams.

Interesting enough, one site contains a legitimate content lifted from the ‘Living Africa’ website. Even better, another one looks like a counter website that monitors the number of computers the malware manages to infect.

“By the look of it, this one seems like a Pilot run of the attack as the malware author is checking the extent to which the Worm spreads. Next time, the attack can be more dangerous if the websites that the malware points to, contain more malicious code that forces its way to user computers by exploiting browser vulnerabilities or by offering allurements,” observes Govind Rammurthy, CEO of MicroWorld Technologies.

Net Telephony and Instant Messaging is increasingly attracting the attention of Virus writers, as both are effective ways to spread malicious code in large numbers. Enterprise users and home users are at equal risk from threats of this nature and it just underscores the need for one and all to follow Secure Computing Practices, points out the chief of MicroWorld.

Added on April 24, 2007 Comment

Why don't you rate this content?

Article rating -- None Bookmark and Share


Post a comment