Panda Alert: BlackAngel.B worm spreading via MSN Messenger
Panda Software, warns of the spread of the new B variant of the BlackAngel worm. PandaLabs has already received several incidents from users affected by this worm.
This worm spreads via Microsoft’s instant messaging program MSN Messenger. In order to spread through this tool, it sends messages to the all the contacts in the user’s contacts list, disguising itself as a video called ‘Fantasma’ (Ghost). If the recipient opens the file, an image appears on screen with a text in Spanish “En el 1er día te espantas, en el 2º te desesperas, en el 3º buscas ayuda y en el 4º mueres” (on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die).
When the file is run, the BlackAngel.B code carries out several modifications to the system, which include closing different security applications (antivirus programs, firewalls, etc.) in order to avoid detection. What’s more, it tries to close a number of windows so that the user cannot use operating system configuration tools. These windows are:
- Windows Task Manager
- Control Panel
- Registry Editor
- System Configuration Utility
- System Restore
In order to spread to the contacts in MSN Messenger, it blocks a window in this application and prevents the user from accessing it. From this window it starts a conversation with the contacts, during which it sends messages like “jaja look a that” or “mira este video”, and a web address, from which the worm is downloaded to infect the computer.