Continued @ ESET Threat Center BlogLate Monday, we received samples of a malware that spreads through instant messaging. Detection was quickly added for this threat and David gave a nice summary of the events in a blog post.
When analyzing this binary, we found out that Win32/Inject.NBL has a couple of interesting characteristics. First of all, we were able to identify the list of functionalities of this bot:
downloadIn short, this malware can download new files, update itself and remove itself from an infected computer. It can also spread through three different instant messaging programs: msn messenger, aim and triton.