According to Trend Micro there is a new instant message worm that is propagating via social networking sites. Its primary target is Facebook. It will send malicious links through AIM, Google Talk, ICQ, MSN, Yahoo! Messenger or Facebook IM. When a user clicks the malicious link (disguised as a shortened link) the victim will arrive at a malware-loaded website.
In non-technical terms: Once the victim clicks the link they will arrive at a website that supposedly has images. The fake images are really a malware-zip-archived file. When the archive is unzipped on the victim’s computer, Steckct-EVL immediately goes to work to disable security software (anti-virus/anti-malware) on the victim’s computer (Platforms Affected: Windows 2000, Windows XP, Windows Server 2003). It will then download a second strain (Steckct-EVL’s cloned brother Eboom-AC) and Eboom-AC will begin to monitor the victim’s activity on social networking sites.
The worm spreads in part by posting messages containing a link to a copy of itself on the websites it targets, which include Twitter and MySpace, as well as Facebook. The dodgy messages are also capable of spreading from infected machines onto Yahoo! and other mainstream IM networks. –John Leyden | The Register
