Instant Messenging: September 2007 Archives

There seems to be a new MSN Virus doing the rounds, in the (now common) guise of a .zip file which (of course) harbours a malicious executable.

In this case, the .zip file has a handily recognisable name:

tanya2.jpg

Check out what happens to your PC if you run the file:

http://blog.spywareguide.com/upload/2007/09/tanya6-thumb.jpg
Click to Enlarge

The machine is pretty much buried under a 100% CPU load - if you ever wanted to experience Bullet Time, here it is minus the backflips and machine guns. Here's an example of the kind of messages you can expect to be sent from an infected user:

http://blog.spywareguide.com/upload/2007/09/tanya8-thumb.jpg
Click to Enlarge

With regards spread, it seems to be fairly low at the moment. The handful of infections we've seen so far include a number of forum-goers in Singapore and Japan, and a handful of people asking for help in Italian. The messages sent via the infection file seem to be fairly limited, and include:

"Who is this girl?"

"Do you remember this girl? I can't believe she took this pic..do you know her?"

"Who is this girl? She said she likes you :D"


We detect this (unsurprisingly enough) as TanyaBabe.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Additional Research: Deepak Setty, Senior Threat Researcher
Additional Research: Peter Jayaraj, Senior FSL Senior Threat Researcher

Pages

About this Archive

This page is a archive of entries in the Instant Messenging category from September 2007.

Instant Messenging: August 2007 is the previous archive.

Instant Messenging: February 2008 is the next archive.

Find recent content on the main index or look in the archives to find all content.