By GoldSparrow in Malware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 7
First Seen: November 1, 2011
Last Seen: March 15, 2023
OS(es) Affected: Windows

Instant messaging bots are a fairly common occurrence. Typically, a user will receive a message from an infected contact or a dummy account making some enticing claim, in an attempt to convince the victim to click on a particular link. Needless to say, ESG malware analysts do not recommend clicking on these kinds of links; they will typically result in a malware infection of some sort. Instant messaging bots are often instantly recognizable. This is because their way of operating consists of a simple message and a link, usually very transparent in its nature. YIMBot.K is an exception to this rule, as this instant messaging bot is actually quite chatty. YIMBot.K bot will typically start off a conversation with a polite greeting, right after the victim signs into YIM. Apart from the greeting, this bot will claim that, to honor Steve Jobs' death, Apple is giving out fifty thousand MacBooks. ESG PC security researchers clarify that this claim is patently false and that it is highly unlikely that Apple will start giving out iPods, iPads, MacBooks or any of their other valuable products to commemorate the death of their former CEO, Steve Jobs. One of the features that characterize YIMBot.K chatbot is the fact that YIMBot.K Trojan is much more interactive than other typical infections of this type. It will pretend to type slowly, rather than giving out instant answers. YIMBot.K chatbot is also programmed to respond to certain keywords in a conversation to make for a more convincing experience. In the end, the link associated with YIMBot.K leads to a fraudulent service used by criminals to launder money or information.

Having a Conversation with YIMBot.K Instant Messaging Bot

According to ESG PC security researchers, having a conversation with YIMBot.K instant messaging bot will often result in an interchange that is fairly convincing. Inexperienced computer users, especially those without any knowledge of the existence of chatbots, may be convinced by YIMBot.K chatbot. Some of the examples this chatbot interacts, include how YIMBot.K Trojan says 'no problem, good bye' when the victim types some variation of 'go away'. This bot will also answer 'I always keep my anti-virus software updated' if the victim mentions the word 'virus' in the conversation. Instead of simply linking to the Steve Jobs scam, YIMBot.K chatbot will start out the conversation by asking 'have you heard about Steve Jobs?' These details are what make YIMBot.K a particularly dangerous variation on a typical chatbot infection.


Most Viewed