Risk: Low
A new instant messaging worm that masquerades as Apple's iTunes application and drops adware on infected Windows PCs has been found.
The pest is a new version of the Opanki worm and spreads using AOL Instant Messenger. It was first discovered on July 14 and isn't currently spreading at a high rate, according to Bruce Hughes, a senior antivirus researcher at Trend Micro. "It isn't infecting people at a high rate," he said.
The worm, dubbed Opanki.Y by Trend Micro in its advisory, arrives in a message with the text: "This picture never gets old." It includes a link to a file that when downloaded is installed as "ITUNES.EXE," possibly to trick people into thinking that it is associated with Apple's popular media player. If it runs, the worm opens a back door on the infected PC and downloads and installs four adware applications, Trend Micro said. Adware is software that displays pop-up advertising on a computer screen.
"We are seeing more worms and viruses that are dropping spyware and adware," Hughes said. "The virus writers get money for every install." In addition to Opanki.Y, a worm called IM.Dynu hit users of AIM and MSN Messenger about a week later. It infects PCs via email, the Web and instant messaging services, IMlogic said in an advisory. The Web addresses it uses in the instant messages can differ and so does the payload, the security company said.
The advice to instant messaging users is to be careful when clicking on links in messages even when they seem to come from friends and to use up-to-date antivirus software.
Sources: http://news.zdnet.co.uk/internet/security/0,39020375,39210072,00.htm http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_OPANKI.Y