Virus creators are continuing to demonstrate their interest in instant messaging as a rapid means of spreading malicious code. Anti-virus firm PandaLabs has detected the appearance of three new worms – Kelvir.B, Kelvir.C and Fatso.A – specifically programmed to spread via MSN Messenger.
The new Kelvir worms reach computer in messages with texts like: "omg this is funny!" or "lol! see it! u'll like it", which include a link to an Internet address. If the user clicks on this link, files containing the code of these worms will be downloaded and installed on the computer. These then send new messages to the contacts in MSN Messenger.
At the same time, they download variants of other Trojans from another web address. These Trojans allow a hacker to gain remote control of the affected computer through IRC chat channels. It is important to mention that all of the web pages from which the worms or Trojans are downloaded have already been blocked by Internet Service Providers, preventing them from continuing to spread any further.
The Fatso.A worm sends messages containing links to a page from which a file containing a copy of its code is downloaded and run. When it gets into a computer, it sends itself to all the contacts in MSN Messenger and downloads other files to the system root directory. These files can have names like "Annoying crazy frog getting killed.pif", "Crazy frog gets killed by train!.pif" or "Fat Elvis! lol.pif". This worm is also capable of spreading through P2P applications like KaZaA. Fatso.A also ends the processes of various security programs running in memory, leaving the computer vulnerable to other possible attacks.
Luis Corrons, head of PandaLabs, said,
"It is probable that new worms that spread via MSN Messenger will appear over the next few hours, and therefore, it is highly recommendable to take precautions with messages received through this application. The situation is getting more dangerous for users of instant messaging applications. As well as these new malicious code, the 20 variants of the Bropia worm and the two variants of the Stang worm detected over the last few days also use this means to spread. What's more, cyber-criminals are showing a growing interest in instant messaging and there is a tendency to launch blended threats. The two new Kelvir worms, for example, not only aim to spread as widely as possible but also try to install other malware on computers. These could be used to carry out all kinds of actions, such as online fraud using confidential data stolen from affected computers."
Due to the possibility of receiving malicious code through instant messaging applications, users are advised to have reliable, updated anti-virus software installed, and to be wary of all messages received, regardless of the source.