Advanced instant messenger threat discovered

Powered by SC Magazine

Yahoo! Messenger, Skype, Windows Live, and Google Talk among those targeted.

Warnings have been issued about worms that are spreading via instant messaging (IM) clients.

Kaspersky Lab said that the new family of worms is multilingual and capable of infecting users via several IM clients simultaneously, including Yahoo! Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.

Kaspersky said that four variants of IM-Worm.Win32.Zeroll have been detected so far. Once the worm penetrates a computer, Kaspersky Lab said, it looks in the contact list of any IM client present and sends itself to all the addresses it finds. Infection occurs when a user follows what they think is a hyperlink in an instant message to an interesting picture, but which in fact leads to a malicious file.

IM-Worm.Win32.Zeroll also has backdoor functionality to gain control of a computer without the user's knowledge. Once it has penetrated a system, the worm contacts a remote command and control centre and, after receiving its instructions, starts downloading other malicious programs.

Kaspersky Lab said the worm uses 13 different languages, including English, German, Spanish and Portuguese, sending users in various countries messages in a language that they will understand.
At the present time, Mexico, Brazil, Peru and the USA have seen the greatest numbers of infections, but many instances have also been recorded in Africa, India and European countries, particularly Spain.

Dmitry Bestuzhev, Kaspersky Lab's regional expert for Latin America, said: “It appears that the worm's creators are currently in the early stages of their criminal activities. They are infecting as many machines as they can in order to get good offers from other crooks for such things as pay per install, spam and so on.”

Kaspersky Lab also said that the new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients located on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam.


Copyright © SC Magazine, US edition
