Advanced instant messenger threat discovered

Powered by SC Magazine
 

Yahoo! Messenger, Skype, Windows Live, and Google Talk among those targeted.

Warnings have been made about worms that are spreading via instant messaging (IM) clients.

Kaspersky Lab said that the new family of worms are multilingual and capable of infecting users via several IM clients simultaneously, including Yahoo! Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.

Kaspersky said that four variants of IM-Worm.Win32.Zeroll have been detected so far. Kaspersky Lab said that once the worm penetrates a computer, it looks in the contact list of any IM client present and sends itself to all the addresses it finds. Infection occurs when a user follows what they think is a hyperlink in an instant message to an interesting picture, that leads to a malicious file.

IM-Worm.Win32.Zeroll also has backdoor functionality to gain control of a computer without the user's knowledge. Once it has penetrated a system, the worm contacts a remote command and control centre and after receiving its instructions it starts downloading other malicious programs.

Kaspersky Lab said it uses 13 different languages, including English, German, Spanish and Portuguese, sending users in various countries messages in a language that they will understand.
At the present time, Mexico, Brazil, Peru and the USA have seen the greatest numbers of infections, but many instances have also been recorded in Africa, India and European countries, particularly Spain.

Dmitry Bestuzhev, Kaspersky Lab's regional expert for Latin America, said: “It appears that the worm's creators are currently in the early stages of their criminal activities. They are infecting as many machines as they can in order to get good offers from other crooks for such things as pay per install, spam and so on.”

Kaspersky Lab also said that the new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients located on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


Advanced instant messenger threat discovered
 
 
 
Top Stories
Slow progress in Turnbullistan
[Blog post] How has the NBN moved ahead since regime change?
 
Hacks and frauds can't dampen Bitcoin buzz
[Blog post] Enthusiasts meet in Melbourne.
 
Qantas checks in with cloud computing
Impressed with results of public cloud bake-off.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  22%
 
Application integration concerns
  3%
 
Security and compliance concerns
  31%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  24%
 
Lack of stakeholder support
  4%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 540

Vote