Main Area and Open Discussion > Living Room

New MSM Messenger Trojan

(1/1)

Ralf Maximus:
Via MaximumPC comes this alarming news:


A new trojan was discovered in the wild November 19th, that utilizes MSM IM to hoist its greasy, hazardous payload around the internets.  Once activated, it scans the victim's contact list and retransmits itself to friends and family, disguising itself as a harmless file attachment that looks like happy friendly fun pics.

Folks around here are savvy enough to know when something looks fishy, but get the word out to grandma and dad: don't open anything without verifying it was really sent by the sender.

What makes this one even more alarming is that it contains code specifically targeting virtual machines (VMs), the first time I've ever heard of that.  So even running suspicious attachments within a VM may not keep you safe.

No word on if this is an MSM specific threat, or if other clients that talk with MSN (Trillian) are vulnerable too.  But for safety's sake, assume the worst.

UPDATE: Durn attachment fell off.  D'Oh!

f0dder:
Hm, contains code that targets VMs...

From changelogs, I gather that it's theoretically possible to break out of at least some versions of vmware... but I suspect "target VMs" simply means it alters behavior when run inside a VM, to make analyzing harder for the malware researchers.

Anyway, I stick to www.miranda-im.org to avoid potential msn-protocol exploits (haven't heard of any though), and I obviously don't blindly click attachments.

Navigation

[0] Message Index