The trojan increased its bot network from 500 infected PCs Sunday at noon EST to more than 12,000 by today at 2 p.m. EST, said Ofer Elzam, director of product management at Aladdin Knowledge Systems.
The trojan is believed to be the first of its kind to scan for Virtual Network Computing instances. It appears to be a ZIP file, containing pictures from a buddy list member, Elzam said.
“You would receive the file from someone on your contact list, someone that you know, asking if you want to receive some pictures,” he said. “Most people don't think twice before launching it.”
Elzam added that cyberattackers may have chosen to spread the malware via MSN Messenger because the application has a broad international reach and arrives on new PCs.
“I think that, in general, MSN is used more [than AOL Instant Messenger or Yahoo Messenger] in businesses and is more global. Many times we see these people do not operate from the United States, so they go with what they know better,” he said. “I think today that because MSN Messenger comes with every new PC, attackers will target it more.”
Akonix, a San Diego-based messaging security vendor, announced last month that it had tracked 22 malicious code attacks over instant messaging networks during October, as well as a 50 percent increase in threats on peer-to-peer networks.
Don Montgomery, vice president of marketing at Akonix, told SCMagazineUS.com today that John Schiefer, who agreed to plead guilty earlier this month to using botnets to steal PC users' personal information, created his network of zombie PCs via AOL Instant Messenger.
“It's the same kind of thing,” he said. “You can build a botnet through instant messaging – the risk is there, just the visibility [of this trojan] or the knowledge about it has been very limited.”