|
Kaspersky Lab warns about new MSN-Worms |
|
|
|
|
Geschrieben von Sjoeii
|
|
Tuesday, 3. July 2007 |
During the last two weeks there has been an increase in the activity of MSN-Worms: new variants are being detected almost daily. These new MSN-Worms have evolved from the Worms Kaspersky Lab has previously warned about.
The contamination by this worm takes place in several steps. The user will receive a link to a (.com) file via MSN. This file is a Backdoor.Win32.MSNMaker variant, which downloads the MSN-Worm and adware. It is through this adware that the makers of the Worm can make money.
These new MSN-Worms are capable of determining the location of the computer, something that is more common nowadays. This means that a computer located in the UK will receive messages in English, whereas a computer located in the Netherlands will receive Dutch messages. Additionally there is support for French, German, Italian and Spanish. Moreover, deviated messages are sent when the computer is located in Belgium. In some cases this can actually pass as Flemish.
"The social engineering in these new MSN-Worms has been refined, and with clear results” according to Roel Schouwenberg, senior anti-virus researcher for Kaspersky Lab Benelux. Additional to the fact that these worms take the language of the receiver into consideration, the criminals behind this malware register specific domains to increase the chances that the respondent will click on the link. “For almost every worm a new domain is registered” says Schouwenberg. The files are usually named photo(number).com. Because of this the extension is perceived by most people as an extension of a website and not a file.
Kaspersky Lab advises people to be extra perceptive when receiving MSN messages with strange URL. In case you have found a new variant, please send the link and/or the file to
Diese E-Mail Adresse ist gegen Spam Bots geschützt, du musst Javascript aktivieren, damit du sie sehen kannst
|
|
Letzte Aktualisierung ( Tuesday, 3. July 2007 )
|
News 
