More info and example message at f-secure.com/weblog.
We have received reports from customers of suspicious pop-ups that were being spammed through MSN Messenger...When the link in the message is clicked, it automatically downloads a file named photo942.PIF. This file is the backdoor component of Licat.C...used to connect to...These websites contain a malicious IP address. Access to this address will again download other malware and adware...
Heartworm infects Microsoft’s IM network
The worm, actually called W32.heartworm.a, affects users of Microsoft’s Windows Live Messenger service (formerly MSN Messenger), presenting users with a link to a Web site that tells them a virtual greeting card is waiting for them,...That link brings unsuspecting users to an image of a heart with a poem written in Portuguese, which secretly installs files