Galaxy Watch 5 Review Specialty Foods Online 'She-Hulk' Review Disney Streaming Price Hike Raspberry Girl Scout Cookie $60 Off Lenovo Chromebook 3 Fantasy Movies on HBO Max Frontier Internet Review
Want CNET to notify you of price drops and the latest stories?
No, thank you

New version of Yahoo IM worm hits Skype too

Worm targets Windows users on Skype and Yahoo IM, injects malicious links in e-mail, Word, and Excel files, and automatically copies itself to USB drives, Bkis says.

This screenshot shows the different types of messages the worm distributes via Skype and Yahoo Instant Messenger. Bkis

On the heels of a worm that was installing backdoors on Windows systems via Yahoo Instant Messenger comes a new worm that is even more sophisticated in its social engineering and payload, security firm Bkis said on Friday.

The malware arrives via instant message through Yahoo or Skype with any one of a number of messages, including "Does my new hair style look good? bad? perfect?" or "My printer is about to be thrown through a window if this pic won't come out right. You see anything wrong with it?" Bkis wrote in a blog post.

The message includes a link to a Web page that looks like it leads to a JPEG, or image file. When the link is clicked on, the browser displays an interface that looks like the RapidShare Web hosting site and offers up a ZIP file for download. The extracted file is actually an executable file with a .com extension.

The malware, which Bkis has detected as "W32.Skyhoo.Worm," disappears if the computer does not have Skype or Yahoo Messenger installed. It automatically sends messages with varying content and malicious links to contacts in the victim's IM list and automatically injects a malicious link in e-mail messages and Word or Excel files that the user is composing, Bkis said.

The worm also connects to an IRC server to receive remote commands, blocks antivirus software, uses a rootkit technique to hide its files and processes and automatically copies itself onto USB drives to spread, according to Bkis.

This is the page that the malware displays if a victim clicks on the link in the message. Bkis