Headline Feeds
With 500 million song sales under its digital belt and counting, Apple (Nasdaq: AAPL) iTunes has made a name for itself -- but now, hackers are trying to use that name to spread worms to unsuspecting Internet users, according to security firm Trend Micro (Nasdaq: TMIC).
Trend Micro is reporting that a new worm called WORM_OPANIKI.Y is loose in the wild. The worm poses as an iTunes file and spreads using AOL Instant Messenger. The worm does not affect Mac users, but it does affect most versions of Microsoft (Nasdaq: MSFT) Windows operating systems.
Specifically, the worm is disguised as a file named "iTunes.exe" in an attempt to trick users "into thinking that this worm is associated with a legitimate product," said Trend Micro in its advisory.
When a target user opens the attached file, the worm is activated and sends a message to each of the user's online contacts. That file reads, "this picture never gets old." The message has a link to a URL that allows users to download a file that looks like a JPEG. The software also downloads spyware and pop-ups on the victim's computer and tracks the Internet sites of infected users.
Storm in a Teacup
Graham Cluley, senior technology analyst at anti-virus firm Sophos Labs, told MacNewsWorld that he has seen instant messaging worms in the past, but they've never had the same kind of impact as e-mail-aware worms or Internet worms like Sasser. His feeling is that this WORM_OPANIKI.Y, which Sophos calls W32/Oscabot-L, is no different.
"Of course, all Internet users should exercise great caution about what programs they choose to run on their computer -- whether they arrive via Web download, e-mail attachment or Instant Message," Cluley said. "This worm is unlikely to be much more than a storm in a teacup, but it still makes sense for everyone to ensure their anti-virus software is continually kept up to date."
Threat at the Backdoor
Indeed, Trend Micro's advisory said the worm is not a major threat and has not yet spread too widely. Still, this malware does have backdoor capabilities.
"It connects to an Internet Relay Chat server. This enables a remote user to perform malicious commands on the affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security," according to the Trend Micro advisory.
Viruses on the Rise
Cluley said this is one of several new viruses that aren't causing much of a panic, but should nonetheless be watched. Another example is WM97/Sundor-A. The new worm displays a message claiming to come from an alien.
The worm deletes programs and documents from the infected computer's hard drive, hides desktop icons, and disables some security software, potentially opening the computer to infection by other worms, viruses and spyware.
"The good news is that you're more likely to be abducted by an alien than be infected by this virus," said Cluley. "The Sundor-A worm has so far been remarkably unsuccessful at spreading its message to the inhabitants of planet Earth."
Cluley said that as he sees more and more viruses, trojans and spyware being written with the intention of stealing from users, it is becoming more unusual to encounter malware that announces its presence.
"The message displayed by the Sundor worm effectively limits its chances for successfully spreading," he said. "Although it is possible that some users may believe that it is a joke program sent from a friend, rather than something deliberately malicious."
Talkback: 
