
According to a study by researchers from FaceTime SecurityLabs, a new threat to IM has been identified and reported. The threat consists of two “botnet” networks that together represent up to 150000 infected computers. In each, a central computer uses the other machines to scan desktops and back-end computers for credit card numbers, personal information such as log-ins and passwords, and even bank accounts. The central computer uses the infected computers as gateways from which it can attempt to scan others.
But how did it get to this? Lately, IM has become a channel for distributing malicious code and executables. What do these do? They go after stored passwords, auto-complete data and vulnerable payment systems. The users affected are mainly those running unsecured IM (Instant Messaging) clients or the IE (Internet Explorer) browser. The files are considered trojans and the risk of infection is high.
A single click on a link containing malicious code passed via IM is enough: Remote Administration Server, a commercially available application produced by Famtech, is automatically installed via a file named “beh.exe”. After that, the application hides in the systray, allowing the hacker to gain access to the computer.
Let me give you an example. “Carder” is a Perl script designed specifically to uncover exploits in several shopping cart applications, including Comersus Cart, CactuShop, CCBill and others that are used by many popular ecommerce sites. If the script identifies a vulnerability, the back-end database containing credit card and account information (e.g. credit card numbers, home addresses, usernames and passwords) may be stolen from the ecommerce site. Personal information may also be stolen from the infected PC itself through Protected Storage PassView from NirSoft, another application that may be remotely loaded onto infected PCs.
What can be done against these things? First of all, don’t click on links in your IM if you don’t know who sent them. Second, use an up-to-date firewall. Third, hope that this doesn’t happen to you.






