Most people still do not expect to get viruses via IM...(ItÂ’s) a new way to bypass existing security methods and get into PCs.
Antivirus companies recently flagged a variation of an existing threat and a new worm, both targeting MSN Messenger.
The appearance of the new worms underscores the growing popularity of malicious software that relies on instant messaging, or IM, to spread. It follows a similar attack last month by another program meant to use Messenger to spread itself.
While Microsoft spokesmen were quick to point out that the Messenger attacks do not take advantage of any flaw in the software, the company said it recommends that customers exercise Â“extreme cautionÂ” when accepting file transfers from both known and unknown sources on IM.
The Win32.Kelvir.a virus spreads via a URL sent in an IM that contains an infected file. After clicking on the link, a personÂ’s computer becomes infected by the worm.
When the program is executed it attempts to drop multiple copies of itself onto the personÂ’s PC. The worm also executes itself with every subsequent startup of the IM software by modifying registry entries, and it forwards itself to all of an individualÂ’s IM contacts. The threat presents itself hidden in a message that reads Â“omg this is funny!Â”, followed by the URL.
In the first six weeks of 2005, 10 instant-messaging worms and their variants spread over America Online, ICQ and MSN networks, according to researchers at Akonix Systems. ThatÂ’s more than three times the number of worms that spread over public IM networks over the same period last year, and Akonix expects the trend to continue to climb.
However, because the worms are designed to appear as if theyÂ’ve been sent by a known contact, they could do serious damage.
The latest round of worms targeting Messenger bear some signs that the individuals writing the malicious programs have begun to use the threats to communicate with one another, possibly in a manner similar to street gangsÂ’ use of graffiti tags to mark their territory.