« Review: Say The Time, A Time Management And Synchronization Tool
F5 Networks Completes BEA Validation Program »

Watch Out For This MSN Messenger Malware

Posted: 22 Aug 2007 | Tags: Security, The Internet

If you happen to receive messages from any of your MSN Messenger contacts similar to these:

Accept dis picture homie

Accept dis picture homieDid you see this picture of Paris Hilton?

Is this you?

…and followed by a ZIP file sent to you; do not open whatever is in the ZIP file. This seems to be one of the newest MSN Messenger worm making the rounds.

I’ve yet to see any information regarding this potential malware. I’ll update if I find out more information. Searches on Symantec and Kaspersky returned nothing at the time of this post.

Update: So far, I had three attempts to send the file to me, and in all instances the file name is imgac157.zip. When I extracted the contents, there’s only one file called img1851.jpg-www.imagehosting.com.

Update 2: This morning (9:00am, 23 August 2007) AVG detected the virus as Backdoor.Ircbot.BAF. It must have been included in the latest definition update.

Similar Posts
Comment Trackback URL Comments Feed

5 responses to “Watch Out For This MSN Messenger Malware”.

  1. cindy Says:
    August 22nd, 2007 at 7:34 pm

    Thanks for the head up! Will keep this in mind!

    (but I hardly chat on MSN anyway.. but it’s better to prevent it, before it happens, kan?) :D

  2. kucau Says:
    August 23rd, 2007 at 9:08 am

    azmeen, can i get the copy of the file ? mail to dr.yusri at gmail.com . TQ

  3. Site Admin Azmeen Says:
    August 23rd, 2007 at 9:26 am

    It’s OK kucau. Already found out the name of the virus. Check out the latest update.

  4. Angie Says:
    August 23rd, 2007 at 5:17 pm

    yesterday had quite a morning coping with IMGAC157.Files are sent thr msn contacts (even if u wont be having conversation)and even if u dont open file
    . I removed the image frm the c drive as well.Deleted & Reinstalled msn

  5. Alejandro Says:
    September 11th, 2007 at 2:12 pm

    Well, it has tried twice to infect my computer. However, the first was img317.jpg-www.imagehosting.com, the next (just 20 min ago) IMG0012.jpg-www.imagehosting.com. It changes names, and seems to be difficult to identify, since it is so recent. AVG found the first time it was a Trojan horse Generic6.RDD. However, it identified it until I unzipped; previous to it, it assured there was no threat.

    It is just about being careful until there is a general solution with every antivirus. I’ve searched and Sophos says every version of its antivirus finds and heals it. However, it is a pay license. Any how, here is the info I found http://esp.sophos.com/security/analyses/w32imparda.html

Have Your Say