[Steve]

A new Trojan horse started to spread at the weekend via Microsoft's instant messaging client MSN Messenger. It is claimed that it has already infected around 11,000 PCs. Aladdin Knowledge Systems Ltd claims that six hours after it first found the Trojan horse the total number of assembled bots (compromised machines) was about 500; three hours later, that had climbed to several thousand. By 19 November, the botnet had been built on 12,000 machines. Having captured these machines, the next step would be to
activate some malicious activity via these machines - possibly the sending of bulk spam or a denial of service to a target site on the Internet. The files are infiltrating new systems by using known contacts from which the Trojan has harvested instant messaging names, as well as from the systems of unknown users.

The as-yet-unnamed Trojan horse began hitting systems about 7 a.m. EST on 18 November. Users of Microsoft's Windows Live Messenger instant messaging program receive a message that includes spoofed Zip files, such as one named "pics" that is actually a double-extension executable in the format "filenamejpg.exe" or a file labelled "images" that in reality is a .pif executable.

It can also propagate via virtual network computing (VNC) clients, the term for remote control programs used to access one computer's files and desktop from another. Once the Trojan horse has installed itself on a PC through IM, it can sniff out a VNC client, then use it to infect a remotely controlled system, perhaps one inside a corporation's firewall.

In September 2007, Microsoft forced users of its older MSN Messenger software to upgrade to Windows Live Messenger 8.1 to prevent a vulnerability in the older program being exploited.

It is recommended that you avoid opening unexpected attachments Instant Messages from known colleagues. Check first with them that they are genuine attachments intended for you.