Posted by Virus Bulletin on Jan 24, 2008
Worm changes language to target wide audience.
A new worm has been discovered that spreads through MSN Messenger. Once active, the worm opens random TCP ports to connect to an IRC server and then uses this connection to open a backdoor on the affected machine, allowing an attacker to issue commands locally.
The worm, which researchers at Trend Micro have named WORM_IRCBOT.SN, spreads by sending MSN users a link to a malicious site that downloads a copy of worm. The link is sent with messages that suggest the website contains pictures, either of the sender or of the recipient - for example "do I look dumb in this picture? I want to put it on myspace".
Interestingly, the messages used change depending on the language settings of the operating system, something which will certainly help the malware to spread more easily.
More can be found at Trend Micro here.
Posted on 24 January 2008 by Virus Bulletin
