#1
Instant messaging programs are used at home, at work or on the road and they're a great way to keep in touch with friends/family, meet new people or just waste time. They are fairly easy to figure out, and people of all ages are on them. The most popular ones are Yahoo! Messenger, Windows Live Messenger (formerly MSN Messenger), ICQ and AIM (AOL Instant Messenger). Most feature file transfers, webcam and voice functionalities, as well as traditional text chats.

Every now and again, we hear about the dangers of online predators who, under fake identities, try to lure kids into giving them personal information and more. That is definitely a concern for all parents to have. Kids don't always realize that there are disturbing and sick people out there, looking for their next victim. Parents should not only be concerned about their kids, but also themselves or anyone for that matter.

Instant messaging is a very easy way for a person to spread malicious programs very quickly. In a sense it can be compared to email with malicious file attachments or dangerous spam. Both rely on social engineering techniques, which is basically using tricks (free stuff, **** etc.) that people will fall for.

In our SWAT department we researched a little bit how this all works. We created a “bait” account, which allowed us to advertise ourselves under a typical identity. Rapidly, we had a lot of people adding our profile to their friend list. Soon, the trap worked its magic and we received our first message:

http://blogs.paretologic.com/malware.../03/imgzip.png

Figure 1: Infected file transfer

The file sent to us was zipped and contained a Trojan. The kind of program that can infect your PC in many different ways such as installing a keylogger to secretly capture your keystrokes, or modify your Internet browser to redirect your searches to an affiliate site.

You may assume that whoever sent you this instant message is evil. Well, in most cases they didn't. There very well may have been no one in front of the computer. An already infected machine can send spam and instant messages automatically, without the user's knowledge. This is called a Bot, a compromised PC part of a group of PCs (a Botnet), participating in illegal activities.

Another social engineering technique is to send an IM with a link to a malicious website. We also received one sample that we analyzed:

http://blogs.paretologic.com/malware...mmalicious.png

Figure 2: IM with malicious URL

The trick is to have the person click on the link to see the promised naked photos or whatever the bait is... The site in question hosts malware, and will infect most users' PCs with a drive-by download as they land on it.

Our study would not be complete if the entire infection process wasn't exposed. Our test machine got infected, and to our surprise and “excitement” we noticed we were sending to all our good contacts the same malicious link! Of course, we quickly stopped this because our experience was successful enough and we did not want to be part of a botnet.

Jerome Segura
#2
I've experienced this issue before... the 'You'll love this!!' with a URL or a JPG 'EXE' file attachment. One common-sense way to tell if it is legit is to ask the person why they sent it. If you never get a response, it's almost certainly a 'bot' message.
#3
Good call Iceman.
Also, you may want to tell the person who sent it to check their PC because it may very well be part of a botnet.
#4
Hi there guys, I would like to know how to remove them, as I received 1 from my friend. It was legit because he was online telling me to download his picture in a second, because I asked for one, but 2 of them popped up: 1 was double zipped, 53-58 kb, and the other was 2 mb, so we all know which 1 I would open, but for some reason my lil brother (an ***** now) decided to open that one. image_XXX.zip, inside was another image_XXX.zip, then a file called image_XXXPNG and the file type was MS-DOS.
So any help would be great. I tried the website msnvirusremoval and that site is not in use, keeps on giving me an error, and I tried the registry keys but I can't find luck. Please, need help ASAP. I temp closed off my MSN but want to use it soon, thanks.
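
Added example, not part of any post in this thread: the attachments described in posts #1 and #4 (a zip inside a zip, holding an "image" that is really an MS-DOS program) can be checked without opening anything, by reading the archive members and looking at their first bytes. The file names, the `.com` extension and the size and depth limits below are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
IMAGE_WORDS = ("jpg", "jpeg", "png", "gif", "bmp", "image", "photo", "pic")
MAX_MEMBER = 20 * 1024 * 1024   # refuse to unpack anything larger (zip-bomb guard)
MAX_DEPTH = 3                   # how many archives-inside-archives to follow

def inspect_zip(data, prefix="", depth=0):
    """Return [(member_path, reason), ...] for a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            lower = info.filename.lower()
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER:
                findings.append((path, "member too large, not unpacked"))
                continue
            body = zf.read(info)
            if body[:2] == b"MZ":
                findings.append((path, "MZ header: DOS/Windows executable"))
            if lower.endswith(EXEC_EXTS) and any(w in lower for w in IMAGE_WORDS):
                findings.append((path, "executable extension on an image-like name"))
            if body[:4] == b"PK\x03\x04":          # a zip inside the zip
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting too deep, not unpacked"))
                else:
                    findings.append((path, "nested archive"))
                    findings += inspect_zip(body, path + "!", depth + 1)
    return findings

def make_zip(members):
    """Build a zip in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples. The "program" is only the two magic bytes plus padding.
inner = make_zip({"image_001PNG.com": b"MZ" + b"\x00" * 62})
SAMPLE = make_zip({"image_001.zip": inner})
BENIGN = make_zip({"holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32})

if __name__ == "__main__":
    for path, reason in inspect_zip(SAMPLE):
        print(f"{path}: {reason}")
```

A clean result only means none of these three checks fired; it does not show that the file is safe to open.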