A crafty new P2P worms is spreading quickly among users of popular file-sharing programs like LimeWire and BearShare (media sharing sites).
The worm lures victims by utilizing a link embedded in a spam IM message. Once clicked, the link leads to a so called image file, but in actuality it is a malicious payload. From there the malware begins to work its magic installing numerous files that compromise the Windows firewall.
The malware continues to install further malware and/or captures passwords entered using Internet Explorer or Firefox.
The worm copies itself to network shares from the infected PC as well as USB sticks or other external drives. Any unprotected system with the Windows auto run feature turned on – basically almost every PC – will find itself infected as those drives are moved from PC to PC.
MTI recommends prohibiting the use of personal USB drives in the workplace as well as anti-virus and anti-spyware/malware protection.