If you receive this instant message through MSN, for heaven’s sake DO NOT CLICK IT:

<friend> says: Hey, isn’t this YOU?? :S http://mainmsn.com/images/viewimage.php?=your@email.com

Clicking this message downloads a virus onto your computer (except that the link above goes to VirusTotal’s results for the file). This virus appears to take control of MSN and send the same message to everyone on your friends list. However, it may do other virus-like things on your system. I’m not running Windows so I can’t see the full effects, but the person who sent it to me is now contemplating a full reformat of their hard drive to eliminate the infection.

If you have any further information, please leave it in the comments.

  • Who is mainmsn.com? There’s scant information on the internet.
  • The downloaded file name is PIC006.JPG-www.photoshare.com. Besides program code, the file contains a section of HTML code that appears to display a hardcoded error message:
    • “Warning: fopen(cnt) [function.fopen]: failed to open stream: Permission denied in /home/a7095595/public_html/images/viewimage.php on line 9”
  • What does the virus actually do? Among other things, the payload seems to contain a variation of the IRCBot worm, which causes your computer to monitor a remote IRC channel for commands from a hacker. Depending on the commands given, this could have dire consequences.
  • How does the infection happen? My friend had to run the file, not merely download it, but use caution if you do decide to download a copy.
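
The downloaded file name above ends in `.com`, which Windows treats as a program type, while the `.JPG` in the middle is only decoration. The following check for that pattern is an added example, not part of the original post; the function name, the extension lists and every sample name except the one quoted above are assumptions made for illustration.

```python
import re

# Extensions Windows runs directly when double-clicked (subset; extend as needed).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# Picture extension appearing before the real one: the decoy.
DECOY_RE = re.compile(r"\.(jpe?g|png|gif|bmp)(?![a-z0-9])")
# Name tail that reads like a hostname once ".com" is appended.
HOSTLIKE_RE = re.compile(r"(^|[^a-z0-9])www\.[a-z0-9-]+$")


def masquerade_reasons(filename):
    """Return the reasons a file name looks like a program posing as a picture."""
    # Win32 drops trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    if not dot or ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["final extension ." + ext + " is executable on Windows"]
    if DECOY_RE.search(stem):
        reasons.append("picture extension appears before the real one")
    if ext == "com" and HOSTLIKE_RE.search(stem):
        reasons.append("tail reads as a web address, hiding the .com program type")
    return reasons


if __name__ == "__main__":
    # Constructed samples; only the first name comes from the post.
    for sample in ["PIC006.JPG-www.photoshare.com", "holiday.jpg", "photo.jpg.exe"]:
        print(sample, "->", masquerade_reasons(sample) or "no flags")
```

A mail or IM gateway could run a check like this on attachment and download names and quarantine anything that returns one or more reasons.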

Here’s an object lesson in security: trusted sources are the most dangerous attack vectors. This virus - in the grand tradition of the ILOVEYOU virus - relies on personal relationships and trust to make people perform a typically dangerous action unawares. Keep your shields up and beware random messages!