Archive for March 2011
This afternoon, I’ve seen what I assume to be two of my contacts on Yahoo infected by some kind of trojan/worm hijack, and a type I’ve not come across before.
It’s very common on Yahoo IM at least to have random users attempt to add you, if you accept a chat bot will attempt to send you a link to their “webcam” or similar and if you click, you’ll probably get some kind of drive-by download infection.
The attack attempt I saw today is different. The virus hijacks the Yahoo Instant Message client and sends out a chat stream to people you already know on IM. So rather than seeing the obvious chat bot from a random user who’s just added you, it comes from someone you already know. Scary and dangerous.
Here’s a transcript of the chat script … I didn’t realise it wasn’t my friend until the link showed up. I bet many unsuspecting people do click through:
contact: you there?
contact: will you do me a quick favor and take an IQ quiz for a project im doing?
me: haha sure
contact: I need to see how many people out of my friends get over a 115.
me: what’s my prize?
contact: just go to http://nastytrojanvirus.com/?invitecode=dxk4infa79 and take the test.. if you do ill owe you big time.
me: yeah, don’t think I’m clicking that somehow
contact: please let me know what score you get. thanks so much
me: rest assured I won’t
contact: im going to go cook while you do it
me: what does a bot cook?
contact: BRB, let me know your score when im back!
me: bot bot bot
The link it sends appears to go to a slightly different domain each time (the first was to iqtestingkoia, the second to iqtestinghiki3)
It’s also interesting that the bot appears to both initiate chat sessions and respond to them. The first time I saw the attack attempt, the chat was initiated by the bot. But the second time I saw it, half and hour later, I initiated the chat session with a friend I just saw come online.
Anyone else seen this?