We’re not trying to add to the general internet paranoia present in today’s online ecosystem (not to say it isn’t warranted). Having said that, knowledge is power and the more we know about the threats out there, the better we can protect ourselves. Since most of us are connected to the internet in some capacity at all times, contracting a virus isn’t exactly difficult. Especially with the popularity of social media, it’s a wonder there hasn’t been a piece of malware that took advantage of the large number of instant messaging services before now.
This particular nasty bit of software sets itself apart from its predecessors with its impressive ability to spread using many different IM systems. Google Talk, Facebook Chat, Skype, MSN Messenger, Yahoo Messenger, Pidgin, and ICQ (if anyone still uses it) are all vulnerable to the bot.
No doubt due to its enormous number of users, Facebook is the initial point of contact with a vulnerable PC. The malware usually carries a file name like “Picture.JPG_www.facebook.com”. The botnet sends users a seemingly interesting video link, sifting through their friend list with an AJAX command in order to make the link seem like it comes from a friend, family member, or coworker. According to McAfee, if that first user clicks on the link, then the malware is able to gain a foothold in their computer. From there, a remote attacker can send commands to the malware and direct its actions. Using the list of IM clients above, the infected computer attempts to entice more contacts into clicking the video link so it may spread even further.
It has a few more tricks up its sleeve as well. It can bypass your Windows Firewall by using the command line or adding itself to the list of allowed programs. The malware then adds itself to the list of programs opened at startup. A copy of the malware is dropped into the Windows folder, hidden, and marked as read-only. Be sure to check your Public folder, Windows folder, or Program Files folder for “mdm.exe” if you’re worried you’ve been infected. And finally, to make sure it’s safe and sound, the malicious software checks for and disables any antivirus software, Yahoo Updates, and Windows updates. The Internet Explorer start page, along with Chrome and Firefox’s preference files, are also modified to give the malware easy access to its needs.
Fortunately, if you know a bit about computers, the malware can be easily vanquished. You simply need to kill any instances of the virus in Task Manager and remove the start-up entry to avoid having it reload with the next computer restart. Alternatively, McAfee’s Scan and Repair tool should do the trick. For now, just be extra careful when opening video links that seem a little suspicious, even if they’re sent by your closest friend. If you’re extra paranoid, you could always call them up and confirm they really sent it.
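The signs of infection described above (a hidden, read-only “mdm.exe”, a startup entry, a running instance, and a firewall allowance) can be gathered in one read-only PowerShell check. This is an added example, not code from McAfee or from the original article; the Run registry keys are an assumed place to look, since the article does not say which startup mechanism the malware uses, and the scan depth and PowerShell 5+ are also assumptions.

```powershell
# Added example, read-only: it lists evidence and changes nothing.
# From the article: the file name and the three folders. Assumed: the autostart
# locations (the article names none) and PowerShell 5+ for -Depth.
$name = 'mdm.exe'
$folders = @($env:PUBLIC, $env:WINDIR, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

# 1. Copies on disk. -Force is needed because the dropped copy is hidden.
$files = foreach ($f in $folders) {
    Get-ChildItem -Path $f -Filter $name -File -Force -Recurse -Depth 2 -ErrorAction SilentlyContinue
}
$fileReport = foreach ($file in $files) {
    [pscustomobject]@{
        Path      = $file.FullName
        Hidden    = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        ReadOnly  = $file.IsReadOnly
        Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status  # e.g. Valid or NotSigned
        SHA256    = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
}

# 2. Autostart values whose command line mentions the file name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in ($runKeys | Where-Object { Test-Path $_ })) {
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -like "*$name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Command = $command }
        }
    }
}

# 3. Running instances, with the path each one was started from.
$procs = Get-CimInstance Win32_Process -Filter "Name = '$name'" |
    Select-Object ProcessId, ExecutablePath

# 4. Windows Firewall rules that name the program.
$fwRules = Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.Program -like "*\$name" } |
    Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction, Action

'== Files ==';          $fileReport | Format-List
'== Autoruns ==';       $autoruns   | Format-List
'== Processes ==';      $procs      | Format-List
'== Firewall rules =='; $fwRules    | Format-List
```

Microsoft's Machine Debug Manager also ships under the name mdm.exe, so treat a hit as a lead and judge it by its location, attributes and signature rather than by name alone.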