Cyber crooks have used instant messaging applications to spread malware for quite a while. While most of these creations are clumsy and one can easily tell they’re being conned by an IM bot, today’s encounter is trickier.
First off, the bot, identified by Bitdefender as Trojan.YIMBot.K, is polite. It starts the conversation right after you sign into the YIM client with a greeting and the latest news: that Apple would allegedly give out 5000 MacBook laptops to commemorate the death of Steve Jobs.
While most IM bots hit and run (they leave the message and then stop reacting), this one is highly interactive. It simulates typing and sometimes replies slowly, just as a human user would. It also recognizes keywords in the victim’s input and replies accordingly, as shown in the conversation captured below.
The whole purpose of this charade is to convince you to visit the link where you can allegedly claim your prize. This link is composed of an ID, a source and the victim’s YIM handle for tracking purposes. If the user clicks the provided link, they are redirected to a page that advertises a “work-from-home” job listing. This turns out to be another mule program in which the applicant has to receive and forward sums of money or parcels to different locations around the globe. These goods are usually obtained by fraud and need to be forwarded to miscellaneous locations until the authorities lose track of them.
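Because the link carries the recipient’s own handle, a message log can be screened for URLs that embed the handle of the person they were sent to. The following is an added example, not code from Bitdefender or from the bot: the log layout, the host names and the parameter names `id`, `src` and `u` are constructed for illustration, since the post does not give the real URL format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def handle_in_url(url, handle):
    """Return where the recipient's handle appears inside the URL."""
    handle = handle.lower()
    parts = urlsplit(url)
    hits = []
    # parse_qsl percent-decodes values, so encoded handles are caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower() == handle:
            hits.append("query:" + name)
    # Some trackers put the handle in the path instead of the query string.
    for segment in parts.path.split("/"):
        if segment and unquote(segment).lower() == handle:
            hits.append("path")
    return hits

def flag_messages(messages):
    """messages: iterable of (sender, recipient, text) tuples.
    Returns (sender, recipient, url, hits) for every personalised link."""
    findings = []
    for sender, recipient, text in messages:
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)!?")  # drop trailing sentence punctuation
            hits = handle_in_url(url, recipient)
            if hits:
                findings.append((sender, recipient, url, hits))
    return findings

# Constructed sample log (hypothetical senders, hosts and parameter names).
SAMPLE_LOG = [
    ("promo_bot_01", "alice_k",
     "hi! claim your laptop here: http://prize.example/claim?id=4821&src=yim&u=alice_k"),
    ("bob", "alice_k", "notes from today: https://wiki.example/meetings/2011-10"),
    ("promo_bot_01", "carol99", "your prize: http://prize.example/r/Carol99/4821."),
]

if __name__ == "__main__":
    for finding in flag_messages(SAMPLE_LOG):
        print(finding)
```

A hit is only a signal that a link was personalised for tracking; legitimate services do this as well, so it is best combined with other context such as an unknown sender.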
If you are a Bitdefender customer, you don’t have to worry about infection with the bot, as we have detected it since its emergence. If you don’t use an antivirus solution, you might want to perform a 60-second quick scan to see if your computer has been compromised in any way.