Gtalk-Google Talk "Virus" Reports In India - Actually It's a Windows Malware

8.12.09
I just read a local newspaper reporting "Google Talk (gtalk) Spreading Viruses". The fact is that a piece of malware identified as WMISMQC.EXE is spreading. It is not a "virus" anyway; this file is identified as rootkit malware.


The malware is reported to spread via messages like:

" Could I upload this photo to my blog? Do you think it will be good?
http://srv057.imageshares.info:88/DisplayP...hoto009.JPG.zip
"

(as reported here)

http://srv057.imageshares.info:88/DisplayP...hoto009.JPG.zip contains the executable .com file DVT-NewPhoto009.JPG_www.imageshares.com [do not confuse the trailing .com with the .com of an internet address for commercial sites; the .com file extension denotes a Windows executable, used mainly in earlier Windows versions.]

Rootkit malware is designed to hide its presence, which makes an infected system hard to troubleshoot. This malware is also found to use virtual memory hijacking, so it can operate inside the logged-in Google Talk program and send links to other users.


As a whole, there is nothing to blame the Gtalk team for. They are doing good work with Jabber/XMPP. These can be identified as Windows flaws and Windows-targeted malware; the mode of spreading in this case happens to target Gtalk, that's all.


But it would be nice if Gtalk blocked file transfer of executable code such as .exe and .com files, even when zipped, to prevent malware from spreading this way.
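The kind of filter suggested above, as an added example that is not part of the original post or of Google Talk: a defender-side check that inspects a zip attachment before it is transferred or opened and rejects it if any member (including members of nested zips) carries a Windows executable extension, even when the name is disguised behind an image extension the way the "Photo009.JPG.zip" lure is. The extension lists, the archive contents and the nesting limit are my assumptions for the demo; the member name is the one quoted in this post.

```python
"""
Added example (not from the original post or the Gtalk project):
block zip transfers whose members are Windows executables, including
"double extension" disguises such as Photo.JPG.exe or the
DVT-NewPhoto009.JPG_www.imageshares.com file named in the post.
All archives built here are constructed in memory for the demo.
"""
import io
import zipfile
from typing import List, Optional, Tuple

# Extensions Windows will execute directly (assumption: a baseline list,
# extend it for your environment). Stored without the leading dot.
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "jse",
    "wsf", "hta", "msi", "dll", "cpl", "lnk", "ps1",
}

# Extensions commonly used as the decoy in double-extension names.
DECOY_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "txt"}

# How many zip-inside-zip levels we are willing to open (assumption).
MAX_NESTING = 3


def classify_name(name: str) -> Optional[str]:
    """Return a reason string if `name` is an executable (possibly disguised
    behind a decoy extension), otherwise None. Comparison is case-insensitive
    because Windows file names are; directory components are ignored."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTENSIONS:
        return None
    reason = f"executable extension .{parts[-1]}"
    # Look for a decoy such as "jpg" or "jpg_www" between the stem and the
    # real extension, e.g. photo.JPG.exe or ...Photo009.JPG_www.example.com
    for middle in parts[1:-1]:
        for decoy in DECOY_EXTENSIONS:
            if middle.startswith(decoy):
                return f"{reason} disguised behind .{decoy}"
    return reason


def scan_zip(data: bytes, prefix: str = "", depth: int = 0) -> List[Tuple[str, str]]:
    """Walk a zip archive (recursing into nested zips) and return
    (member path, reason) pairs for every member that should be blocked."""
    findings: List[Tuple[str, str]] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # A ".zip" that is not a zip is itself suspicious; refuse it.
        return [(prefix or "<root>", "not a valid zip archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            reason = classify_name(info.filename)
            if reason:
                findings.append((path, reason))
            if info.filename.lower().endswith(".zip"):
                if depth + 1 >= MAX_NESTING:
                    findings.append((path, "nested archive deeper than allowed"))
                else:
                    findings.extend(scan_zip(archive.read(info), path + "/", depth + 1))
    return findings


def should_block(data: bytes) -> bool:
    """Policy decision for a transfer gateway: block if anything was flagged."""
    return bool(scan_zip(data))


def build_sample_archive(members) -> bytes:
    """Build an in-memory zip from {name: content}; used only for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives: the lure described in the post, a benign
# photo archive, and a zip nested inside a zip.
LURE_ARCHIVE = build_sample_archive(
    {"DVT-NewPhoto009.JPG_www.imageshares.com": b"constructed placeholder, not real malware"}
)
CLEAN_ARCHIVE = build_sample_archive({"holiday.jpg": b"\xff\xd8\xff\xe0constructed"})
NESTED_ARCHIVE = build_sample_archive(
    {"inner.zip": build_sample_archive({"setup.exe": b"constructed placeholder"})}
)

if __name__ == "__main__":
    for label, blob in (("lure", LURE_ARCHIVE), ("clean", CLEAN_ARCHIVE), ("nested", NESTED_ARCHIVE)):
        print(label, "BLOCK" if should_block(blob) else "allow", scan_zip(blob))
```

A gateway applying this would refuse the lure archive on the trailing .com alone; the decoy detection only adds a more informative reason for the analyst. Matching on the last extension (rather than on the presence of ".JPG" anywhere in the name) is what keeps the check from being fooled by the disguise.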


The malware has several interesting features, such as process hijacking, and it is created as a process on disk.

The details of the malware can be seen at the Prevx website here.

PS: Keep loving Viruses/Adware/Malware as long as they carry Intelligence and Ethics


2 Responses:

RonyB. said...

What's the solution?

sabith pocker said...

Read the behaviour of the malware from the Prevx site link provided, then remove the files and registry keys that are affected. If any Windows files are affected you might need to replace them with good files or reinstall your OS.