According to security firm Bkis, a new worm with highly sophisticated social engineering and payload capabilities is now crawling in cyberspace.
The malware is delivered vial instant message through Yahoo or Skype with one of a number of messages including, ''Does my new hair style look good? bad? perfect?" or "My printer is about to be thrown through a window if this pic won't come out right. You see anything wrong with it?", the security firm said in a blog post.
The message contains a link to a web page that appears to lead to a JPEG or image file. On clicking the link the user's browser displays an interface looking like the RapidShare web hosting site and presents a ZIP file for download. The extracted file in fact is an executable file with a .com extension.
According to Bkis the "W32.Skyhoo.Worm," disappears if the computer does not have Skype or Yahoo Messenger installed.
However on other computers, it automatically sends messages with varying content and malicious links to contacts in the victim's IM list. It also automatically injects a malicious link in e-mail messages and Word or Excel files that the user may be composing, Bkis said.
The worm also connects to an IRC sever to receive remote commands, blocks antivirus software, uses a rootkit technique to hide its files and processes and and replicates itself automatically onto USB drives to spread, according to the security firm.
Bkis warns that users of Yahoo Messenger and Skype need to be extra careful before clicking on links they receive from relatives or even friends. Also, users would do well to regularly update their anti-virus software on their computers, the firm says.