iTunes-Disguised Worm Spreads Via Instant Messaging
The Opanki.worm, first reported earlier this month, arrives as the file iTunes.exe, Trend Micro Inc. said. The writer apparently is trying to trick the recipient into thinking that the file is associated with Apple's iTunes music software, which is installed in a PC to download and play songs from the company's online store.
If a person clicks on the file, then the worm is installed in the PC, where it opens up a port that's used to upload adware. Adware can display pop-up ads and other forms of advertising to a computer user, as well as track Internet activity.
The worm is delivered through an IM that reads, "This picture never gets old."
Trend Micro gives the worm an overall risk rating of low.
While the use of iTunes to disguise viruses is relatively new, leveraging popular brands to trick consumers into clicking malicious files is not, Bruce Hughes, senior anti-virus expert for Trend Micro, said. Instant messaging, on the other hand, isn't the preferred method for most virus writers.
"One of the interesting things with instant messaging is the virus spreads very quickly and then dies out very quickly," Hughes said.
The reason is that IM users tend to contact their Internet service providers soon after spotting a virus, and the ISP takes fast action to remove the malicious code before it spreads further, Hughes said. For that reason, most virus writers prefer to send their payloads through e-mail.
In addition, people usually have more e-mail than IM contacts.
"(Nevertheless), if the virus writers are more advanced, then they'll write something for IM and e-mail," Hughes said.