File index.gif when downloaded by YM software to the IE temporary internet files folder has been detected by Bitdefender 10 with Trojan.Downloader.JS.Agent.OX.( Screenshot 17h 10/6 ).
This index.gif image file is actually an html page embedded (embed) a flash file from the address w.xnibi.com/test.swf . This is the tool used to exploit the latest buffer overflow of Adobe Flash Player software, with the task of downloading a mm.exe file to the YM user computer and activating it.
When successfully run, the mm.exe file will download about . 20 different types of viruses and Trojans to YM user computers, allowing hackers to easily penetrate and hijack the computer.
The impact of malicious code on YM software not only affects Vietnamese users but also in many other countries.
Currently, by 17:30 pm (June 10), VNCERT contacted 6 domestic ISPs and VNNIC, requested to block (block) w.xnibi.com domain names , and contacted cert centers. Yahoo's area and technical department to continue to find the cause, determine the level of vandalism. In addition, the BKIS Virus Prevention Center is also required by VNCERT to participate in analyzing and writing scanning tools, killing the spreading viruses as soon as possible.
Some recommendations for users to prevent virus transmission via YM software:
- Temporarily do not use Yahoo Messenger software installed on your computer. If you need to communicate with the YM service, switch to web services like www.meebo.com or chat directly in the mail.
- Need to update the latest version of Adobe Flash Player software at http://www.adobe.com/products/flashplayer/
- Update antivirus software to detect the latest viruses.
- Keep track of the next information and use the scanning tools, remove viruses spread through this YM error.