A worm named “Worm.Ckbface.adj” is spreading via Yahoo Instant Messenger. It tricks people into downloading what they think is a picture from a friend but is instead malware that installs a backdoor on Windows systems and spreads to the victim’s IM contacts.
The worm arrives via a message from a contact with the word “picture” or “pictures” along with a link to a Web site resembling a Facebook page, MySpace page, or some other page where photos might reside.
If the user clicks on the link, the executable will download. If the user then runs the file, the computer will become infected and the malicious message will be distributed to all of the user’s IM contacts.
Once run, the worm copies itself to %windir%jusched.exe and turns the computer into an advertising cash cow for some enterprising malware distributor. The worm modifies the active browser’s home page setting to a malicious page on domredi.com.
We recommend that any Yahoo Messenger user who receives a suspicious instant message with a link first IM their friend to ensure the message is legitimate before moving forward. Users should not download executable (.exe) files that are sent through Yahoo Messenger.
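To check a machine for the traces described above, the following read-only PowerShell triage script is an added example, not part of the original advisory. It assumes that "%windir%jusched.exe" means a file named jusched.exe directly inside the Windows directory, and it inspects only Internet Explorer's per-user home page value; other browsers are not covered.

```powershell
# Added triage example, not part of the original advisory. Read-only.
# Assumption: "%windir%jusched.exe" means jusched.exe directly inside the
# Windows directory. Java's update scheduler uses the same file name but
# normally installs under Program Files, not under %windir%.
$findings = @()
$dropPath = Join-Path $env:windir 'jusched.exe'

if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $sig  = Get-AuthenticodeSignature -FilePath $dropPath
    $findings += [pscustomobject]@{
        Check  = 'Copy in Windows directory'
        Detail = "$dropPath created $($file.CreationTime), signature: $($sig.Status)"
    }
}

# A running process whose image is that copy means it is executing now.
Get-Process -Name 'jusched' -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($_.Path -ieq $dropPath) } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check  = 'Running process'
            Detail = "PID $($_.Id) running from $($_.Path)"
        }
    }

# Internet Explorer keeps the current user's home page in this value.
# Match domredi.com as a host name, not as a substring of another domain.
$ieMain    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -match '(^|[./])domredi\.com([/:?]|$)') {
    $findings += [pscustomobject]@{
        Check  = 'Browser home page'
        Detail = "Start Page is set to $startPage"
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No indicators from the advisory found for this user.'
}
```

Run it in the affected user's session, since the home page value is stored per user.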