As Halloween comes to a close, spirits and ghouls are already finding their way back to their crypts, but another WORM_SOHANAD variant haunts Yahoo! Messenger.
Trend Micro is able to detect the in-the-wild WORM_SOHANAD.AC. It bears the same instant messaging and registry modification routines as its predecessors. It also reportedly connects to a Web site that exploits a vulnerability in Microsoft Data Access components ( MS06-014).
Curiosity killed the cat, and YM users best remember this before clicking the link in any of the messages below, which this worm spreads around:
- check out my new personal website : http://{BLOCKED}termex.com c0ol !!!
- damn, she is so cute :x http://{BLOCKED}l-school.org/?id=miss_world :x:x:x:x:x
- have you ever seen such a silly man like this ? http://{BLOCKED}l-school.org/?id=stories =))
- look at my new lover : http://{BLOCKED}termex.com/darling.jpg :x:x
- the only way to clean some online viruses that may lead you into troubles : http://{BLOCKED}termex.com/?id=ie_protector
Considering the malware family’s infection success in recent weeks, this particular variant is probably not going to be SOHANAD’s last ‘boo’.