24 January 2008
The IRCBOT-RB Trojan disguises itself as a message containing links to pictures on social networking sites such as MySpace and Facebook. Typical messages involve messages such as "Wanna see my pictures before I send em to facebook?". Clicking on a link takes users to virus ridden websites.
Unusually, the polyglot malware changes these messages according to the language of the affected operating system used. Compromised machines are infected by a simple bot agent that leaves the hardware hooked up to a central control server, awaiting instructions.
Anti-virus firm Trend Micro recommends users to avoid the temptation to follow any links or pictures sent via MSN Messenger (unless you are sure of the origin) and to be suspicious of messages which refer to the use of social networking sites.
Other malware/spyware news shows that according to Trend Micro it took less than a day for VXers to re-direct users who want to find out more about Brokeback Mountain actor Heath Ledger's untimely death to sides harbouring malware. The attack replicates early attempts to populate Google search results with links to maliciously constructed sites.
Keep up to date with industry and Nomensa news by signing up to Nomensa newsletters.
