McAfee researchers recently came across botnet malware that spreads through chat messengers including ICQ, Skype, GTalk, Pidgin, MSN, YIM and Facebook Chat.
"The victims receive a message from an unknown user, offering a link to a funny or interesting video," writes Help Net Security's Zejlka Zorz. "If they follow it, the malware in question downloads automatically from the linked site and is executed."
"Once it finds itself on a computer, the threat bypasses the firewall by using the 'netsh firewall allowed program' command line," writes Softpedia's Eduard Kovacs. "It can also achieve the same goal by modifying registries, adding itself to the list of allowed applications."
"Once the malware is on the machine, it can receive commands from a remote attacker," writes The Next Web's Emil Protalinski. "From there, the victim’s computer sends out instant messages via the aforementioned platforms in a constant attempt to infect more PCs, according to McAfee."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The malware does a series of checks for antimalware scanners, Windows updates, and even Yahoo updates and then disables them," writes McAfee research scientist Niranjan Jayanand. "Once a service is selected, the malware runs a routine to disable it. The malware also changes the Internet Explorer start page, and modifies the preference file of Chrome and Firefox."