AIM worm impersonates iTunes app

By Mary Landesman, About.com

Jul 25 2005

IM worms continue to expand their repertoire of social engineering tricks. W32/Olameg-net, a.k.a. Opanki.Y and AIM/Megalo, installs itself to the Windows System directory as itunes.exe, presumably trying to disguise itself as the popular Apple iTunes application. Olameg then modifies the registry to load this copy of itself when Windows is started.
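As an added example (not part of the original article), the following Python sketch flags autorun entries in which a well-known third-party program name such as itunes.exe is launched from the Windows System directory instead of its vendor's install folder. The expected install directories and the sample autorun entries are assumptions constructed for illustration; the article does not name the registry key the worm uses.

```python
import ntpath
import re

# Assumption: third-party programs and where their vendors install them.
# Only itunes.exe comes from the article; the directories are illustrative.
EXPECTED_DIRS = {
    "itunes.exe": [r"c:\program files\itunes", r"c:\program files (x86)\itunes"],
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system", r"c:\windows\syswow64")
ENV = {"%systemroot%": r"c:\windows", "%windir%": r"c:\windows"}


def exe_path(command):
    """Extract the normalised, lower-cased executable path from a command line."""
    cmd = command.strip()
    # Quoted path first, otherwise everything up to the first ".exe".
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    path = (m.group(1) if m else cmd).lower()
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normpath(path)


def find_masquerades(autoruns):
    """Return (value_name, path, reason) for autorun entries that start a
    known third-party program name from a directory it should not live in."""
    hits = []
    for name, command in autoruns:
        path = exe_path(command)
        folder, exe = ntpath.split(path)
        if exe not in EXPECTED_DIRS or folder in EXPECTED_DIRS[exe]:
            continue
        reason = "in system directory" if folder in SYSTEM_DIRS else "unexpected directory"
        hits.append((name, path, reason))
    return hits


# Constructed sample autorun entries (value name, command line), not real data.
SAMPLE = [
    ("iTunesHelper", r'"C:\Program Files\iTunes\iTunes.exe" /min'),
    ("itunes", r"%SystemRoot%\System32\itunes.exe"),
    ("Updater", r"C:\Windows\System32\ITUNES.EXE -s"),
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print(hit)
```
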

Once the worm has seated itself on the computer, it downloads a variant of the Agent downloader Trojan and four adware apps: MediaGateway, ProSitefinder, SAHAgent, and the Websearch toolbar. Olameg then continues its spread via AOL Instant Messenger, sending a hyperlink to AIM contacts with the text "this picture never gets old".

Olameg contains IRCbot functionality, connecting to an IRC server upon infection and sending a message to alert the attackers, who are then able to remotely manipulate the worm.

To prevent Olameg and other instant messaging threats, see Tips for IM Safety.

To remove the adware installed by Olameg, use an up-to-date spyware scanner. Here are my (newly updated) picks for top spyware scanners.

©2008 About.com, a part of The New York Times Company.

All rights reserved.