Remember the numerous Yahoo!Messenger IMs you receive? The ones that are peppered with links? Don’t click!
Unlike the typical worm that propagates when a user clicks on a link to an executable file contained in an instant message, w32.Kmeth downloads malicious files into the user’s Windows temporary file directory when a user simply visits an infection site using Internet Explorer. When the user visits the infected Web page, the malware uses the PC as a launch pad, immediately sending infection messages to the user’s Yahoo! Messenger contacts. The “status message” in Yahoo! Messenger can also be also hijacked, presenting enticing messages to their contacts, such as “check out my blog.” The use of this additional social-engineering technique is designed to encourage more visits to the rogue Web pages. At the same time, the user’s control panel is disabled, and the home page is hijacked to a Web page that contains text designed to generate maximum revenue through click fraud.
Mag-Firefox na kasi. ^_^
