Via
MaximumPC comes this alarming news:
A new trojan was discovered in the wild November 19th, that utilizes MSM IM to hoist its greasy, hazardous payload around the internets. Once activated, it scans the victim's contact list and retransmits itself to friends and family, disguising itself as a harmless file attachment that looks like happy friendly fun pics.
Folks around here are savvy enough to know when something looks fishy, but get the word out to grandma and dad: don't open
anything without verifying it was really sent by the sender.
What makes this one even more alarming is that it contains code specifically targeting virtual machines (VMs), the first time I've ever heard of that. So even running suspicious attachments within a VM may not keep you safe.
No word on if this is an MSM specific threat, or if other clients that talk with MSN (Trillian) are vulnerable too. But for safety's sake, assume the worst.
UPDATE: Durn attachment fell off. D'Oh!