03 May 2010 @ 11:58 PM 

Employees in my office, like most of us, use Yahoo Messenger (besides email) to communicate between each other. Especially to communicate between different buildings and cities. So, Yahoo Messenger is somehow a must in almost all computers in my office.

Today just like everyday at office with my routine activities. Sending files and giving IT support to the users. Suddenly one of the supervisor in Medan (north Sumatra) outlet sent me a message that looks like this picture.
20100503 223934 thumb Remove the newest variant of Yahoo Messenger virus

 

 

 

 

 

 

 

The first time I see it, I know his computer has been infected by a Yahoo Messenger virus. So I  ignore the message, close the window, and continue doing my work. I thought I’ll deal with him later. But only a few minutes after that, I received another private message from another staff in other building, which looks like this picture.
20100503 223822 thumb Remove the newest variant of Yahoo Messenger virus

 

 

 

 

 

 

 

OK, this is another infected computer. But were those two computer hit by the same virus? I don’t have a clue that time.

After those two “attacks”, a series of more “attacks” coming from more infected systems. This is how they looks.
20100503 223553 thumb Remove the newest variant of Yahoo Messenger virus

 

 

 

 

 

 

 

From the three pictures above, we can tell that the link or URL in the messages are different. But they have the same similarity. All the three of them, open the same file image.php file. It looks like a social engineering to me. The creator of this virus know that people tend to be curious when someone send him / her a link to their pictures. It is a bait to draw more people to click that link and get their system infected by this virus for doing so.

Like prior variants of Yahoo Messenger virus before this, when one clicked those virus links, his/her yahoo messenger will silently start to broadcast these kind of messages to all the contact in his/her yahoo messenger. This is really annoying and endangers your friends computer when they don’t know that the message (with the evil URL), and curiously clicking them.

This is the list of the message that this virus broadcast

foto: http://margaretiamges.com/image.php
foto: http://beautyphotoson.com/image.php
foto: http://photos-fb.com/image.php
foto: http://facebook-lmg.com/image.php
foto: http://lmagesbucket.com/image.php
foto: http://facebook-lmages.com/image.php
foto: http://facebook-imb.com/image.php
foto: http://lmb-space.com/image.php
foto: http://myspace-imb.biz/image.php
foto: http://lmages-space.com/image.php
foto: http://yungimages.net/image.php
foto: http://mimapic.com/image.php
foto: http://post-photos.com/image.php
foto: http://limpskr.com/image.php
foto: http://kompnk.com/image.php
foto: http://yunphotos.net/image.php
foto: http://domeimg.com/image.php
foto: http://vertiphotos.com/image.php
foto: http://twittersphoto.com/image.php
foto: http://myphotoarchives.net/image.php
foto: http://mycomimg.com/image.php
foto: http://funwiththisguy.com/image.php
foto: http://red-myspace.com/image.php
foto: http://ariafotos.com/image.php
foto: http://zhelefun.com/image.php
foto: http://tviceimg.com/image.php
foto: http://tuesimages.com/image.php
foto: http://ceceliaimg.com/image.php

foto: http://wallerimages.com/image.php

If you get a message from your friends or families, with any of the link listed above, tell them to sign out from their yahoo messenger and sign in to http://webmessenger.yahoo.com , then download ComboFix and run it immediately in their computer. They only need to click I Agree, and then keep click next until it finish scanning. Then after that, they must restart their computer. Done. No more annoying yahoo messenger virus. zz 3 Remove the newest variant of Yahoo Messenger virus

Posted By: LiveDeviL
Last Edit: 04 May 2010 @ 12:07 AM

EmailPermalink
Tags


 

Responses to this post » (2 Total)

 
  1. nil says:

    my OS is windows 7 64-bit and i can’t find combofix for that,i downloaded it but it’s not compatible. anything else i can use instead?

    LiveDeviL Reply:

    @nil, hmm… try Norman Malware Cleaner. I think it will works on Windows 7 64bit. :)

Post a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 


 Last 50 Posts
Change Theme...
  • Users » 1
  • Posts/Pages » 30
  • Comments » 124
Change Theme...
  • VoidVoid « Default
  • LifeLife
  • EarthEarth
  • WindWind
  • WaterWater
  • FireFire
  • LightLight