Malware spreads via Facebook Chat, Skype, other IM services


Security researchers have discovered a new botnet that can spread via popular messaging applications, including Facebook Chat, Skype, Google Talk, Pidgin, Windows Live Messenger, Yahoo Messenger, and even ICQ.

According to McAfee Research Scientist Niranjan Jayanand, the malware comes as a file called Picturexx.JPG_www.facebook.com.

The cybercriminals send out links allegedly pointing to an interesting video, but when victims click one, they’re served the malware. This is done via an Ajax command that makes it look like the message came from one of your Facebook friends.

Once the malware has successfully executed on the victim’s machine, it bypasses the Windows Firewall by using the command line “netsh firewall allowed program” or by modifying the firewall policy to add itself as an allowed program.

A sample copy is dropped into the Windows folder and flagged with system, hidden, and read-only attributes.

The malware does a series of checks for antimalware scanners, Windows updates, and even Yahoo updates and then disables them.
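
The behaviours described above can be turned into simple host triage checks. The following is an added example, not code from McAfee or the original post; the event record layout, the sample telemetry and the file paths are constructed, and the firewall pattern accepts both the wording quoted above and the legacy `netsh firewall add allowedprogram` syntax.

```python
import re

# Windows file attribute bits (winnt.h): READONLY=0x1, HIDDEN=0x2, SYSTEM=0x4
RO_HIDDEN_SYSTEM = 0x1 | 0x2 | 0x4

# Lure name shape from the report: image extension, "_", then a host ending in
# .com (which is also an executable extension on Windows).
LURE_NAME = re.compile(r"\.(jpe?g|png|gif|bmp)_[\w.-]+\.com$", re.I)
# netsh invocation that adds a program to the firewall's allowed list.
FW_ALLOW = re.compile(r"\bnetsh(\.exe)?\b.*\bfirewall\b.*\ballowed\s*program\b", re.I)

def triage(events):
    """Return (event_index, reason) pairs for events matching the reported behaviours."""
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            if FW_ALLOW.search(ev["cmdline"]):
                hits.append((i, "firewall allowed-program change"))
            if LURE_NAME.search(ev["image"]):
                hits.append((i, "lure-style executable name"))
        elif ev["type"] == "file":
            in_windir = ev["path"].lower().startswith("c:\\windows\\")
            if in_windir and (ev["attrs"] & RO_HIDDEN_SYSTEM) == RO_HIDDEN_SYSTEM:
                hits.append((i, "system+hidden+read-only file in Windows folder"))
    return hits

# Constructed sample telemetry (hypothetical hosts and paths, not from the report).
SAMPLE = [
    {"type": "process", "image": r"C:\Users\a\Downloads\Picturexx.JPG_www.facebook.com",
     "cmdline": r"C:\Users\a\Downloads\Picturexx.JPG_www.facebook.com"},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r"netsh firewall add allowedprogram C:\Windows\example.exe Example ENABLE"},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall show config"},  # read-only query, must not alert
    {"type": "file", "path": r"C:\Windows\example.exe", "attrs": 0x27},
    {"type": "file", "path": r"C:\Windows\notepad.exe", "attrs": 0x20},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, reason)
```

These are heuristics for prioritising review: a hit on one check alone is weak evidence, while the same host matching several is worth investigating.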

"Fortunately, removing this worm from the victim’s machine is relatively easy. We kill the running instances of this process using Process Explorer or Task Manager. The start-up entry made by the malware must be cleared as well to avoid its reloading after rebooting," the researcher says.