Yahoo! Messenger Gets Virus

A new threat emerges that uses Yahoo! Messenger as its way of spreading. Find out more in this post.


A Virus Uses Yahoo! Messenger


Did anybody receive a weird looking instant message that has the link freewebtown.com/gaigoitanbinh/index.html* in it? Be warned, this is a type of a virus. Apparently, the virus uses Yahoo! Messenger as its way of spreading.



More and more users of Yahoo! Messenger, or YM, have been receiving suspicious instant messages from their contact lists. It contains characters not found in the English alphabet, so it is presumed to be Korean or Japanese. The message also include the link freewebtown.com/gaigoitanbinh/index.html*. The sender of the message does not now or are unaware that these messages were sent using their account information. Forums are abuzz with questions regarding the problem in the last few weeks of October. Most answers are about viruses - that a new virus is using this technique to spread out.

Typical sign that the virus has infected the computer is frequent messages that contain the link above*, either when you are online, or as offline messages. Using social engineering, the virus spreads to your contact list by providing them the link. Recipients would think this is a cool website, since they know that a contact sent the link.

Messages seems to be random and contains corrupted characters. You may see them as:

Bé gái b? gi?t, xâm h?i tình d?c freewebtown.com/gaigoitanbinh/index.html

S?ng nh? máu ng?a và th? freewebtown.com/gaigoitanbinh/index.html


They can be sent when you are online, or as offline messages, and at regular intervals, like every 5 minutes. Senders are unaware that these type of messages are being sent. Some reports even say that it also causes the link or message to be pasted on their Microsoft Word document.

More information about the problem here:

BigBlueBall Website
http://www.bigblueball.com/forums/yahoo-messenger-support/41366-hai-d-u-freewebtown-com-gaigoitanbinh-index-html-messanger-error.html


BigBlueBall Forums
http://www.bigblueball.com/forums/yahoo-messenger-support/41336-help-somebody-hacked-my-account.html


Yahoo! Answers New Zealand
http://www.bigblueball.com/forums/yahoo-messenger-support/41336-help-somebody-hacked-my-account.html



Other websites that requires additional language packs.

There are no news from Yahoo! regarding any patch to fix this vulnerability as the infection size is still small.

So, keep your enemies close, but your Yahoo! Messenger contacts closer. The best way to avoid this type of attack is to spread the news - don't click the link (hey, it rhymes) - to avoid further increase of infection. Others suggest to use the Web Version of Yahoo! Messenger to prevent contact with the virus.

*Although no site has confirmed that this is a virus, do not, under any circumstances, try to open the link, freewebtown.com/gaigoitanbinh/index.html to avoid infection. At least you want to play it safe. And any temptation to click the link proves the virus' capability of social engineering - urging people to see what the link contains


Story:
Copyright 2007 by Sonicsoft Corporation
All Rights Reserved