The Buzz on Google Buzz Malware

Google recently announced its latest service Google Buzz, which is considered as the company’s first step in entering the social-networking scene. Naturally, hordes of Internet users became interested in the new application. But such buzz also gained unwanted attention from cybercriminals who already used the service to spread a malware detected by Trend Micro as WORM_PROLACO.AA.
The worm terminates the MCAGENT.EXE process if found running on users’ systems. It also drops another malicious file detected as WORM_SPYBOT.MCS, which exhibits backdoor routines and terminates specific processes
WORM_PROLACO.AA also poses even greater danger to Mozilla Firefox browser users, as it installs Firefox extension and Firefox Security 2.0 by creating specific files on affected systems. These extensions check the browser’s address bar for specific strings related to googlesearchserver, search, google.com, yahoo.com, bing.com, ask.com, and aol.com/aol/search?s_it. If found, the malware loads a page which triggers the display of ads on search results pages. The worm further spreads by sending email messages to target addresses that it gathers from affected systems. It also drops copies of itself in shared peer-to-peer (P2P) sharing folders.
Trend Micro product users need not worry, however, as Smart Protection Network™ blocks user access to malicious sites related to the pop-up ads via the Web reputation service and detects and deletes all related malware via the file reputation service.
Non-Trend Micro product users (continue reading...)