…with Yahoo! 360, that is. Trend Micro has just detected WORM_SOHANAD.AK to be spreading in the wild. Similar to its predecessors, it mainly propagates through instant messaging applications like Yahoo! Messenger, AOL Instant Messenger, and Windows Live! Messenger. Its routine’s also basically the same: SOHANAD sends an instant message (in Vietnamese) containing a link where the worm copy can be downloaded. What is interesting to note about this worm, though, is that this time, one of its URL links points to a Yahoo! 360blog. Yes, as in Yahoo!‘s very own social networking site.
Now, whether the said blog itself hosts the worm copy, or it just redirects users to the real malicious site, it doesn’t really matter. What matters is the fact that by adding another element like social networking sites in its equation, SOHANAD is once again looking for new social engineering techniques that will effectively trick users into downloading and executing its copies.
Add the fact that this has been the second attempt by a malware to use or target these friend-of-a-friend sites in just two days — what with MySpace getting hit by JS_QSPACE.A— it sure looks like malware authors are starting to focus on a new propagation vector…