The Posse worm is spreading on MSN Messenger

The Posse worm specializes in spreading through the MSN Messenger instant messaging service and downloads malicious files onto infected computers.

The Posse worm has appeared on MSN Messenger and is trying to spread through deceptive messages. The malware sends itself to any address in your MSN Messenger address book. It then also tries to send these users a zip file that contains the files associated with the worm.

Among other things, Posse downloads various malicious files to infected computers over the Internet and saves them to the root directory of drive C.

When the Posse worm starts, it performs the following actions:
1. Creates the following file:
%System%\sp2.exe

2. Adds the following entry to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WindowsSp2" = "C:\WINDOWS\System32\sp2.exe"

3. Creates or modifies the following keys in the registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "00 00 00 00"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskmgr" = "1"

4. Creates the following entry in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

5. Connects to a Web site and downloads a file, which it saves to the root directory of drive C as server.exe.

6. Connects to a Web site and downloads a file, which it saves to the root directory of drive C as fotos_posse.zip.

7. Attempts to spread through MSN Messenger. The worm sends the following message:
"Hola espero q te gusten las fotos 😉 me las hice yesterday (y)"

8. Attempts to transfer the fotos_posse.zip file.
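
The registry changes in steps 2 and 3 can be checked offline against a regedit text export of a suspect machine. The following is an added example, not part of the original write-up; it assumes the listed data "00 00 00 00" and "1" stand for the numbers 0 and 1, and the function names and sample export are constructed for illustration.

```python
import re
# Registry indicators from the write-up above: (key, value name, data).
# Assumption: the listed data "00 00 00 00" and "1" are read as numbers 0 and 1.
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "WindowsSp2", r"C:\WINDOWS\System32\sp2.exe"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings",
     "ProxyEnable", 0),  # weak alone: 0 is also the normal "no proxy" state
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskmgr", 1),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode(raw):
    """Turn .reg data into str (REG_SZ) or int (dword, single-line hex)."""
    try:
        if raw.lower().startswith("dword:"):
            return int(raw[6:], 16)
        if raw.lower().startswith("hex:"):
            return int.from_bytes(bytes.fromhex(raw[4:].replace(",", "")), "little")
    except ValueError:
        return raw                      # continued or malformed data: keep as text
    # Quoted string: drop the quotes and undo the \\ and \" escapes.
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw[:1] == raw[-1:] == '"' else raw

def parse_reg(text):
    """Map (key, value name), both lower-cased, to decoded data."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).lower())] = decode(m.group(2))
    return values

def norm(v):
    return v.lower() if isinstance(v, str) else v   # registry names ignore case

def find_posse_indicators(reg_text):
    """Return value names from INDICATORS whose data matches the export."""
    values = parse_reg(reg_text)
    return [name for key, name, expected in INDICATORS
            if norm(values.get((norm(key), norm(name)))) == norm(expected)]

# Constructed sample export for demonstration (not taken from a real host).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsSp2"="C:\\WINDOWS\\System32\\sp2.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000001'''
```

Exports written by regedit ("Windows Registry Editor Version 5.00") are UTF-16, so read the file with encoding="utf-16" before passing its text in. Values continued over several lines are left undecoded and will not match.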