We’ve heard of emails spamming links to download a worm, now we
have a WORM link being spammed through AIM.
This link is currently being spammed on AIM,
http://{blocked}rs.i989.net/indx.php, which is actually a copy of
WORM.
We already gave the downloaded file to the service team for
detection, ill update this later for the name.
Update
I just received a reply from the service
team. The download file “indx.php” will be detected as
WORM_OPANKI.AD.
team. The download file “indx.php” will be detected as
WORM_OPANKI.AD.