PCTips Box

Windows Live Messenger accounts for the largest community for any IM client worldwide. At the end of 2007, in November, as Microsoft was unveiling Windows Live 2.0, the next generation of its suite of software and services in the cloud, the company estimated that Windows Live Messenger had an install base of approximately 300 million users. In this context, it failed to come as a surprise the fact that Windows Live messenger was the most attacked instant messaging platform in 2007, according to statistics provided by FaceTime Communications. And with such a high profile, it is bound that the trend will continue into 2008.

Roger Halbheer, Chief Security Advisor Microsoft EMEA, informed that the company was tracking a new Trojan that is currently spreading via Windows Live Messenger. Halbheer however failed to specify the versions of Microsoft’s instant messaging client that are impacted by the malicious code. As such, all users of Windows Live Messenger should consider themselves at risk because of the new threat.

“Worm:Win32/Pushbot.BD is a worm that spreads via MSN Messenger and AIM when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine,” reads the description of Win32/Pushbot.BD as posted on the Microsoft Malware Protection Center. “Worm:Win32/Pushbot.BD can be ordered to spread via MSN Messenger and AIM by a remote attacker. It sends a message to all of the infected user’s contacts. The message is provided by the controller via the IRC backdoor, and it has been observed to include a URL pointing to a copy of the worm executable on the domain ‘www.mymsnpics.net’.”

Once it has compromised a Windows copy, Worm:Win32/Pushbot.BD proceeds to make a copy of itself in %windir%svchost.exe. The file is then modified and set with the following attributes: read-only, hidden and system, making removal not an easy task. Additionally, the registry is modified so that the worm is executed at Windows start. These details reveal that users running Windows Vista with standard privileges and the User Account Control enabled are protected from the malware. Under Vista with standard user privileges, Win32/Pushbot.BD will not be able to write itself in the protected areas of the operating system, nor to modify the registry without explicit user consent.

Related posts

• Windows Vista and Malware Immunity (0)
• Windows XP Infections Coming by Email (0)
• Windows Vista: An FAQ for Nonprofits (0)
• Windows Media Player Infection Sends Users to QuickTime (0)
• Windows Malicious Software Removal Tool (0)
• Updates and Task Manager Disabled by New Windows XP Worm (0)
• Simple Tips for a Safe Christmas (2)
• Scan Your Computer For Free (0)
• iPhone May Get Infected too (0)
• 3 Security Features to Help Keep Your PCs Safer (0)
• XP Service Pack 3 Goes Live (2)
• Windows Vista SP1 RTM Optimized Desktop (0)
• Windows Vista and Mac OS X Share Security Threats (0)
• Windows Defender Says Alexa is a Trojan (0)
• Windows Defender for vista (0)
• What Else is New in Windows Vista SP1? (1)
• What are the Best Tools for Removing Spyware, Adware, and Malware? (0)
• Vista: Use Defender to Monitor and Disable Startup Programs (7)
• Vista SP1 Solution Accelerator (1)
• Vista SP1 Bundles Broken Random Number Tool (0)
• Vista Activation Succumbs To Brute Force (0)
• Virtually Infallible Protection (1)
• User Account Control for vista - TweakUAC (0)
• Uninstalling Internet Explorer 8 (0)
• TweakVista Utility 1.10 Released (0)