Technovice.net

Worm Spreading Using MSN Messenger

Tuesday, September 26. 2006, 09:47 PM


Another threat to Msn Messenger users, this time, according to Kaspersky, the worm is sent using a link, an innocent looking link, with a .PIF extension. What's worst is that, people will receive this links from their IM friends, which they trust and have almost no reason to doubt the link. Well, now you need to think again before you click on the links that you get. The extension of the file comes in a few variation, but all are the same, still worms.
Though Microsoft has filtered the .pif extension, but it is case sensitive, so the worm writers got smart and toyed with this flaw, using .PIF or .Pif or other variation instead, from Kaspersky:
So the criminals used capital letters, ".PIF" and the network filters let the message flow right through. Other variations like .Pif, .pIf, and so on also work.
If your IM friend is already infected, there is very little that you can do to stop the link from being sent to you, but there are a few precaution steps that i would suggest to prevent the worm from getting into your system. Use IM in a Virtual Environment This is at the moment, my best suggestion. It may require a little extra effort for you to activate the IM in a virtual environment, but i really believe it is better to be safe than sorry. Using IM within a virtual environment decreases your percentage of getting worms like this one into your system ,down to nothing. Any worms that tries to infect your PC will be stuck in the virtual folder. If you would like to learn more about Virtualization, read this : Read Virtualization Article. Ask Ask your friend whether the link is legitimate, just make sure it was a human that sent you the link, not a bot. Sounds a bit silly for some people to do this, but there is not harm from asking, there is a lot of harm that follows a worm though, if it infects your PC :-) Skip the .pif file and it's variations Well, this is just common sense, but i still wanna point it out. Microsoft must have good reasons for filtering out this extension, it is best if you follow them. Just in case one of your friend is trying to prank you because you didn't invite him/her to share pizzas with you the other night. By following the three suggestions of mine, hopefully none of you will get infected from this notorious worm (i am hoping i won't get infected again this way, once is more that enough :-)) Read the original article from Kaspersky : Read Original Article
Posted by jumanjisama in Security
Comments (4) | Trackback (1) | Permalink

Trackbacks
Trackback specific URI for this entry

Worm Attack - From Internet Explorer to Yahoo Messenger
There is a recent worm breakout for Yahoo Messenger (YM) users. As usual, the worm exploits the link usage in YM. If infected, the worm will send links to your buddy network, other than that, it also takes advantage of the status mode in YM, making a rea
Weblog: Technovice.net
Tracked: Oct 07, 21:16

Comments
Display comments as (Linear | Threaded)

Amanda on 2006-10-19 00:02 | Reply
its evil, it pops up like one of your friends found a bad pic of u on the net and you of course click on it. buy then its to late and youve got the virus...i think its called trojan anserin....in other words i clicked it and it really messed up my computer...:(
jumanjisama on 2006-10-19 01:51 | Reply
So pitiful :-( ... well, take this as a lesson ok! next time be more cautious with the links you get from you IM friends. Damn those malicious code writers !!! :-)
Bree on 2006-10-23 16:36 | Reply
Hey..Unfortunately i was unaware of the msn worm that was going around and i clicked the link. My computer is now infected and i have tryed numerous options in hope the worm would be deleted, unfortunately none of them have worked. I was wondering if you know of any free downloads that i could try in hope of getting rid of it. Its really annoying as it is sending it to all of my friends, i just don't want to be blamed by them. Hopefully you can help thanks bree
jumanjisama on 2006-10-23 17:09 | Reply
Hi Bree, this is a bit of a tricky problem as this kind of worms are quit hard to detect by any normal or free software. But i would suggest you to do as below, hopefully it would help to solve your prob: 1. Make a clean uninstall of your MSN messenger, delete all of the folders that remains after the uninstallation 2. Delete all of the content in your Temporary Internet Folder 3. Uninstall your Internet Explorer If you are unclear about any of this steps, just contact me, and i will email you personally and probably give some other suggestions in case this method doesn't work for you :-) good luck! p/s: when you are done, you can reinstall back both the application you just uninstalled :-)

Add Comment






To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
Theme Pimped By Jumanjisama Originally By Abdussamad Abdurrazzaq
This Blog Is Proudly Powered By Serendipity