FOSTER CITY, CALIF. - September 22, 2006 -
Research experts at FaceTime Security Labs™, the threat research
division of IM and greynet security leader FaceTime Communications,
have discovered a new IM-borne threat targeting MSN Messenger users
with a link that opens up a Web site that leads users to click on a
"virtual card waiting for you." Users who click on this link see an
image of a heart with a poem in Portuguese. The threat, known as
W32.heartworm.a, installs files to steal a user's banking and
personal data. "The perpetrators have made a calculated move to tie
this attack into numerous Web hoaxes, possibly to confuse infected
users looking for help online,"said Chris Boyd, director of malware
research for FaceTime Security Labs. "Not only do they open up an
image of a heart from a site dedicated to tackling online hoaxes,
they also apparently named the attack after another online hoax - a
virtual card for you - that has been in circulation since 2000. In
this case, you really do receive a virtual card, but with a nasty
additional 'bonus.'" The infection spreads by running a file in
circulation on Russian Web hosting sites claiming to offer a
"virtual card" - when the file is run, a picture of a heart
containing a poem is launched, and the infected user will pass the
infection link to their contacts on MSN Messenger with the phrase
"olha o que eu fiz pra vc....curti ai...[url removed]" The files
are related to a certain strain of banking data Trojan particularly
prevalent in Brazil, and are similar to those in the MW.Orc worm
that plagued Google's Orkut social networking site earlier this
year. (http://www.facetime.com/pr/pr060619.aspx)
Wayne Porter, senior director of special research at FaceTime
Security Labs comments, "This is a form of cultural camouflage
which we call 'hoax cloaking'. It is a defensive construct that
adopts the very lore, memes, myth and culture of the Internet to
serve as a self-preservation and cloaking mechanism. People using
trusted search engines to verify the message will find most
reputable security companies and hoax-debunking sites confirm it as
a myth and disregard it as harmless." Boyd, Porter and the FaceTime
research team offer a detailed accounting of the W32.heartworm.a at
http://blog.spywareguide.com. Who is
affected: Users of MSN Messenger instant messaging
service, recently renamed Windows Live Messenger Threat
Type: Worm Risk Level: Medium How
to protect against this threat
The initial file has the potential to infect MSN Messenger's more
than 266 million users worldwide. (Instant Messaging Market Report,
2006-2010, The Radicati Group) Users can protect themselves by not
clicking on links sent to them by other users, even if users appear
on their contact list. Currently, most commonly used anti-virus
programs do not provide protection from W32.heartworm.a. Companies
that use FaceTime Enterprise Edition and IMAuditor and have
auto-update features activated are automatically protected against
this threat. FaceTime also recommends activating the Day Zero
Defense System within IMAuditor. The system utilizes anomaly
detection techniques to analyze multiple characteristics of
IM-borne worms and other malicious code against normal behavior,
and provides patent-pending protection against many IM threats - in
addition to traditional security signatures. FaceTime RTGuardian
customers are automatically protected if they have auto update
features enabled. FaceTime's X-Cleaner customers (formerly XBlock)
should download the latest update and scan their PC for the
worm.
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc on January 11, 2011 following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.
PR Contact Information: