People chat again because of the 'internal' virus of FunniYM

In the afternoon of August 31, 2006, there was a new virus "made in Vietnam" that was spread via YahooMessenger with a tremendous speed. Show that the most popular online chat tool in the world has become an effective tool for bad guys to spread "internal" virus in Vietnamese user community.

Yesterday afternoon, August 31, 2006, a new virus spread through YahooMessenger, threatening Vietnamese users. According to preliminary information, the virus was released on the Internet four days ago, but by the afternoon of August 31, it began to spread strongly. These viruses are distributed via Yahoo Messenger messages in the following form:

Or ne: http:///www.freeweb./funny/funni.exe

Co ma in now ne: http:///www.freeweb./funny/funni.exe

Once the user clicks on the link above, the Funni.exe file will automatically install on the computer. Like the two viruses that spread through chat that VietNamNet warned recently, this virus - temporarily called Funni - will control the YahooMessenger lists in the victim's computer and automatically send the virus distribution links to all the nick. yahoo is in that list.

While the virus is raging, late in the afternoon, another release is much more dangerous.

The installer installs the virus onto a website called http:///nhu.be . When a user accesses this website, the computer will immediately be infected with the virus even if using IE (any version) or FireFox will be infected with the virus. Messages containing website links are also changed to "attract" victims more effectively! People chat again because of the 'internal' virus of FunniYM Picture 1

Glad ': http:///nhu.be.

Hey! What are you doing? The time is at http:///nhu.be.

Eo ơi ma ne`: http:///nhu.be.

Going through the mat . Toan is in now ne http:///nh.be

.

Because the method of spreading and spreading is no different from the two viruses "made in VietNam", Vlove and Xrobots have discovered the recent time. At the same time, the words to trick users into spreading YM messages are also written in Vietnamese meaning, so there are many convincing expressions about the possibility that Funni is also a "made in Vietnam" virus.

This incident once again shows that the information security risks for YM users in Vietnam are too obvious. Most users are too subjective to click on links from familiar nick sent through chat, even if it shows the exe tail. (as in the first version of Funni).

In addition, according to VietNamNet's preliminary observation, cases of being infected with viruses and being exploited to spread the earliest are usually in women. It may be because women often chat more, but the basic sense of computer security is worse than that of men.

Exploiting serious browser vulnerabilities

According to preliminary analysis, the Funni virus is able to infect as soon as the user clicks on the link because it takes advantage of a new security bug in all versions of IE and FireFox. These are the two main browsers used by Internet users.

Virus version released via the link http:///nhu.be generally does not cause serious harm, only hijacking Yahoo Messenger program and spreading the virus to all chat nick at frequency 5 minutes / times.

Information from BKIS indicates that the Center in the process of analyzing the Funni virus has shown surprising results: In the first version of Funni - distributed with YM messages containing links to the website http:// /www.freeweb./funny , the spokesperson has added a feature to this virus to download an extremely dangerous keylog software.

This software will record all user actions on the computer with keylog installed and then automatically send these sensitive information back to the virus distribution website. Up to now, according to BKIS's tests, there has been more than 1200 users' Yahoo! username and password available on the website.

The Center also made a promise to provide the Bkav892 version to kill both the virus versions and publish them on the website.

Of course, sensitive information in the process of manipulating Funni virus victims such as bank account names and passwords, website management, e-mail boxes . may have been exploited. . Please advise, immediately after removing the Funni virus, please immediately change this confidential information if possible!

There is currently no official information about the number of people who became victims of Funni Virus. However, it can be confirmed that this is the virus with the fastest spreading speed compared to the "elder" Xrobots and Vlove, because after about 5 minutes, people receive messages that spread the virus sent from victim machine.

It seems that the measures of deterrence and handling of the competent authorities in Vietnam are not really effective? When the BKIS and C15 stories find and handle distributions of Xrobots and VLove (two types of internal viruses spread through YM) are still hotly transmitted by each other, netizens of Funni still appear. with harm more and more dangerous.

Currently, BKIS has updated Bkav891 version of Funni Virus version 1.

The Phong