New IM Worm On The Loose

Posted by CmdrTaco on Monday October 11, 2004 @11:28AM from the head-for-the-hills dept.

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

2 of 407 comments (clear)

Min score:

Reason:

Sort:

Aww by Easy2RememberNick · 2004-10-11 11:33 · Score: 0, Offtopic

Aw man! All I got was the "nothing to see here move along" dammit!
Speaking of internet unpleasantness... by The+Master+Control+P · 2004-10-11 16:08 · Score: 0, Offtopic

Ok, does this worm happen to use port 46204? Because I'm seeing 20 connection attempts a minute like this one go splat against my firewall... WTF is going on?

> Oct 12 00:04:25 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=151.46.155.113 DST=69.224.41.18 LEN=64 TOS=0x00 PREC=0x00 TTL=111 ID=29343 DF PROTO=TCP SPT=1657 DPT=46204 WINDOW=65535 RES=0x00 SYN URGP=0