IMLogic said the worms affected users of both AOL and Yahoo instant messaging applications. Users receive a message tempting readers with a web link reference to the latest Star Wars film.
The Funny.Movie.AOL worm encourages the user to click on a link that downloads a worm to the user's desktop. The worm then sends itself to all AIM users on the victim's buddy list with a message "hehe i found this funny movie". The word 'this' is a link to the downloaded malware. The company warned that the malware could also be used to remotely control the victim's computer.
The second worm, called "Phish.Yahoo.Star" is a phishing attack Clicking on the link within this message takes the user to a fake Yahoo site where the phisher hopes to get the victim to type in their account details. The details are forwarded onto an email address where the phisher uses the information to search for bank account details.
IMLogic advised administrators to block the phrases in the messages with a content filter and update their anti-virus products.
As reported in SC Magazine earlier this month, nearly two-thirds of companies are totally unprotected against the risks of Instant Messaging (IM) misuse, according to a new study.