BitDefender discovers high-risk instant-messaging pest Backdoor.Tofsee

Holzwickede, May 12, 2010. After the recent attack by Palevo, another instant messenger (IM) worm is now attracting attention. As security expert BitDefender found out, this time it targets users of the VoIP/IM service Skype. During an ongoing chat they suddenly receive a message with a link that supposedly leads to a photo of the user. Behind the link, however, hides the worm Backdoor.Tofsee, which uses several ingenious methods to try to open a backdoor into other people's PCs for cyber criminals. To do so, it disables, among other things, antivirus programs and removal tools. Attacks by IM worms are nothing new.

Users of Yahoo Messenger or MSN Messenger are often affected. Skype users, however, have so far largely been spared. In contrast to average IM worms, Backdoor.Tofsee uses a variety of tricks to prevent its detection and removal.

Backdoor.Tofsee speaks the language of the user. The worm relies on classic social engineering to get the user to follow the link and to lure him into the trap. It detects the local system settings (country, language, place of residence) and addresses the user via instant message in the appropriate language. In addition to German and English, the worm also "speaks" Spanish, Italian, Dutch, and French. Each message differs from the previous one, as the messages are constantly changed by the cyber criminals via remote access. A further deception is that the messages are sent only during ongoing conversations between the user and one of his contacts.

This is meant to increase the credibility of the messages. If the user follows the infected link, he arrives at a fake RapidShare website. If he continues with the download process, he receives a file named "NewPhoto024.JPG.zip". Once the victim extracts this file, an .exe file is shown with the deceptive name "NewPhoto024. DETI.jpg_". The name is a deception because the extension "com" suggests a website but in fact hides a DOS application, through which the worm settles into the system.
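
The naming trick described above can be checked for before an archive is unpacked. The following is an added example, not code from BitDefender: it lists ZIP members whose final extension is executable while the rest of the name imitates a picture or document. The extension lists and the sample member names are assumptions constructed for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; ".com" is a DOS executable, not a website.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Harmless-looking extensions a lure name typically imitates (assumed list).
DECOY_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc")


def is_masquerading(name: str) -> bool:
    """True if the final extension is executable but the name imitates a harmless type."""
    # Windows ignores trailing dots and spaces, so strip them before looking at the extension.
    base = PurePosixPath(name.replace("\\", "/")).name.lower().rstrip(" .")
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return False
    # A decoy extension anywhere before the real one, e.g. "photo.jpg_site.com".
    return any(decoy in stem for decoy in DECOY_EXTS)


def scan_zip(data: bytes) -> list[str]:
    """Return archive member names that hide an executable behind a decoy extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_masquerading(i.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample archive; all member names are invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Holiday001.jpg_www.example.com", b"MZ")  # decoy name + DOS .com
        zf.writestr("Holiday002.jpg", b"\xff\xd8\xff")         # plain image
        zf.writestr("setup.exe", b"MZ")                        # honest executable
        zf.writestr("docs/Report.PDF .scr", b"MZ")             # padded double extension
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print("suspicious:", hit)
```

The check looks only at names, so it complements rather than replaces content scanning of the extracted file.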