Spam brings worm disguised as Windows Live Messenger

Trend Micro has discovered a new threat – a spam email message is doing the rounds of inboxes offering a fake Windows Live Messenger, that is, in fact, a bot programmed to report to an IRC-based C&C channel information about the system in question. Here is a sample of the email:

The location of the file is the following: {BLOCKED}s-live-msn.serveftp.com/Windows_Live_9.0_beta.exe, and the details it gathers are these:

The URL has been already blocked by Trend Micro. They discovered that the bot spreads not only through MSN spamming, but also through P2P networks and using the USB autorun feature.




Share this