(This came from an article in Microsoft's internal newsletter.)


People who develop malicious software are getting sneakier every
day. Instant-messenger (IM) services continue to be used to
propagate worms, and now, you may be used to propagate worms, too.

The latest type of worm being sent through IM leverages your contact
list to encourage you to download a file by sending the file so it
looks like a friend or business contact has sent it to you on
purpose.

Historically, most worms sent through IM were easy to identify and
stop, because the sender was unknown, which raised suspicions. But
this newer class of worm can spread quickly and can be hard to
eradicate, because it does not exploit software vulnerabilities, but
rather relies on the user to accept a file from a known contact and
then run it. It then sends itself to all the contacts in that user's
contact list.

To help prevent this type of inadvertent infection, use extreme
caution when accepting file transfers from both known and unknown
sources. If you receive an unexpected file transfer—even from
someone you know—in the form of an executable, such as a .PIF or a
script, do not accept the transfer until you verify that the trusted
source or sender was, indeed, sending you a legitimate transfer.

Symptoms that could indicate you may have been infected by this type
of worm:

• Some programs may become disabled, such as cmd.exe, Task Manager
or regedit.

• Changes to mouse functionality or an inability to execute the
Control-Alt-Delete command.

• Unusual files or processes running on the machine.