We have ourselves another worm, actually two. They are both IM (Instant messaging)
type worms. What happens is a message pops up in AIM (AOL's instant messenger)
or MSN (Microsoft's Instant messenger) and tells you that you have a very bad
virus on your computer. It then offers you a link to click on to get an update
which will solve your problem. Quack!
Of course, clicking on the link installs the worm, which proceeds to do nasty
things to your computer. The Worm called "Hotmatom" deletes files
at the root level of the A:/ and C:/ drives, then assigns those deleted filenames
to copies of itself.
It also appends text to any future Microsoft Hotmail email messages sent by
that computer; the text, which can be in either Spanish or English, includes
links to the same malicious code.
Maniccum, opens a backdoor on that PC and tries to disable security programs,
including anti-virus and firewall software.
The backdoor, which accepts commands from the attacker via IRC, can be used
to access files, update the worm, upload more malicious code, send additional
AIM and/or MSN messages, and launch denial-of-service (DoS) attacks.
If the message is coming from an infected friend, it could look like your friend
is the one sending the message, so be careful on your IM clients, and be wary
of any offered links.
Both companies are currently trying to find fixes for this problem.
This article may not be copied or distributed in part or in full from this site and is copyright D24 Media Limited.
|
