Security Firm Warns of IM Worm

[ronjor]

Quote:

The latest IM spyware worm, is named Chode-D, is moving rapidly over leading public IM networks, the security center said. The worm has been classified as a "medium risk.

Article

[cleverboy123]

Interesting- You should never open files in IM even if you know what it is !

Better to b safe than sorry !

[Randy_Bell]

WORM_CHOD.D is a non-destructive, memory-resident worm that propagates via email and MSN Messenger. It spreads via email by sending copies of itself as an attachment to email messages,by gathering addresses from the Windows registry of affected machines. It spreads via MSN Messenger by sending a URL to all available contacts in the messaging application. Once the users click the URL, they are immediately redirected to a Web site, where this worm automatically downloads itself. This worm is currently spreading in-the-wild and infecting computers running Windows ME, NT, 2000, XP and Server 2003.

Upon execution, it creates a randomly generated folder in the Windows system folder and drops files in this created folder. It also modifies a particular registry entry to disable the services used by Trend Micro products.

The worm's backdoor capabilities attempt to open port 37737 to connect to a certain Internet Relay Chat (IRC) server. If it fails to open the port, it attempts to open random TCP ports. It then joins a particular IRC channel, where it waits for malicious commands from a remote malicious user. It also tries to use a password recovery tool to retrieve passwords available on an affected system. It can send the obtained information to the malicious user using its backdoor capabilities.

If you would like to scan your computer for WORM_CHOD.D, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_CHOD.D is detected and cleaned by Trend Micro pattern file #2.764.02 and above.