posted on Mar, 7 2005 @ 05:05 PM
IM worms are becoming more common then ever. This weekend a new outbreak of a virus targeting Microsoft's instant messenging program, Windows
Messenger, hit the net. This latest virus uses most of the common tactics of social engineering to entice users to open a link which downloads malware
that opens a back door on the machine, allowing for the computer to be remotely controlled.
New worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version -- via links to a malicious site are infecting
users and leaving their PCs open to hacker hijack, security vendors reported Monday.
The new worms, tagged as Kelvir.a and Kelvir.b, appeared over the weekend and on Monday, respectively, anti-virus vendors said. Both use the same
mechanism to attract users and infect Windows-based PCs: they include a link in the instant message. That link, in turn, downloads a malicious file --
the actual worm, a variant of the long-running Spybot -- which opens a backdoor to the compromised machine.
Kelvir spreads by sending itself to all the MSN/Windows Messenger contacts on the infected PC, and poses as cryptic messages such as "lol! see it!
u'll like it!" and "omg this is funny!" The link opens a .pif-formatted file.
Please visit the link provided for the complete story.
Currently this attack is spreading through Windows Messenger, but that is not to say that it could not spread through other IM programs. Experts say
the reason it is currently spreading on the MSN network is the global availability of the program.
The Windows Messenger is so available because it is bundled in Windows.
Look for a new patch or version of Messenger in the future that will deal with URLs in chat much differently.
Related News Links: