topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday December 15, 2024, 8:16 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New MSM Messenger Trojan  (Read 3424 times)

Ralf Maximus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 927
    • View Profile
    • Read more about this member.
    • Donate to Member
New MSM Messenger Trojan
« on: November 20, 2007, 09:04 AM »
Via MaximumPC comes this alarming news:
MaximumPC.jpg

A new trojan was discovered in the wild November 19th, that utilizes MSM IM to hoist its greasy, hazardous payload around the internets.  Once activated, it scans the victim's contact list and retransmits itself to friends and family, disguising itself as a harmless file attachment that looks like happy friendly fun pics.

Folks around here are savvy enough to know when something looks fishy, but get the word out to grandma and dad: don't open anything without verifying it was really sent by the sender.

What makes this one even more alarming is that it contains code specifically targeting virtual machines (VMs), the first time I've ever heard of that.  So even running suspicious attachments within a VM may not keep you safe.

No word on if this is an MSM specific threat, or if other clients that talk with MSN (Trillian) are vulnerable too.  But for safety's sake, assume the worst.

UPDATE: Durn attachment fell off.  D'Oh!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: New MSM Messenger Trojan
« Reply #1 on: November 20, 2007, 09:13 AM »
Hm, contains code that targets VMs...

From changelogs, I gather that it's theoretically possible to break out of at least some versions of vmware... but I suspect "target VMs" simply means it alters behavior when run inside a VM, to make analyzing harder for the malware researchers.

Anyway, I stick to www.miranda-im.org to avoid potential msn-protocol exploits (haven't heard of any though), and I obviously don't blindly click attachments.
- carpe noctem