Advanced instant messenger threat discovered

Powered by SC Magazine

Yahoo! Messenger, Skype, Windows Live, and Google Talk among those targeted.

Warnings have been issued about worms that are spreading via instant messaging (IM) clients.

Kaspersky Lab said that the new family of worms is multilingual and capable of infecting users via several IM clients simultaneously, including Yahoo! Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.

Kaspersky said that four variants of IM-Worm.Win32.Zeroll have been detected so far. Once the worm penetrates a computer, it looks in the contact list of any IM client present and sends itself to all the addresses it finds, the company said. Infection occurs when a user follows what they think is a hyperlink in an instant message to an interesting picture, but which actually leads to a malicious file.

IM-Worm.Win32.Zeroll also has backdoor functionality to gain control of a computer without the user's knowledge. Once it has penetrated a system, the worm contacts a remote command and control centre and, after receiving its instructions, starts downloading other malicious programs.

Kaspersky Lab said the worm uses 13 different languages, including English, German, Spanish and Portuguese, sending users in various countries messages in a language that they will understand.
At the present time, Mexico, Brazil, Peru and the USA have seen the greatest numbers of infections, but many instances have also been recorded in Africa, India and European countries, particularly Spain.

Dmitry Bestuzhev, Kaspersky Lab's regional expert for Latin America, said: “It appears that the worm's creators are currently in the early stages of their criminal activities. They are infecting as many machines as they can in order to get good offers from other crooks for such things as pay per install, spam and so on.”

Kaspersky Lab also said that the new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients located on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam.


Copyright © SC Magazine, US edition
