New Worm Is Feature-Rich In Instant Messaging

This forum is for related Instant Messaging threats for all IM clients

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

New Worm Is Feature-Rich In Instant Messaging

Postby TeMerc » Fri Aug 29, 2008 11:03 am

Friday August 29, 2008
Pierre-Marc Bureau
Researcher

Late Monday, we received samples of a malware that spreads through instant messaging. Detection was quickly added for this threat and David gave a nice summary of the events in a blog post.

When analyzing this binary, we found out that Win32/Inject.NBL has a couple of interesting characteristics. First of all, we were able to identify the list of functionalities of this bot:
    download
    update
    rm
    msn.msg
    msn.stop
    aim.msg
    aim.stop
    triton.msg
    triton.stop
In short, this malware can download new files, update itself and remove itself from an infected computer. It can also spread through three different instant messaging programs: msn messenger, aim and triton.
0-= Continued @ ESET Threat Center Blog
Image

Return to “IM Threat Center”

Who is online

Users browsing this forum: No registered users and 2 guests