We Detect and Protect Against IM Worms, Kaspersky Says
The great thing about instant messaging (IM) applications is that they allow you to keep in touch with your friends and loved ones. There are numerous IM applications that you could choose to talk with others. There’s my favorite Yahoo! Messenger, there’s Skype, ICQ, Windows Live Messenger, Google Talk, and many others.
The annoying thing is that there is a new family of worms out there that specifically targets IM clients. The even more annoying part is that the worms in this family are multilingual and capable of infecting users via several IM clients simultaneously. Remember the IM clients mentioned above? The worms spread via those IM clients.
Kaspersky detects this family of worms as IM-Worm.Win32.Zeroll. So far the security experts at Kaspersky have detected 4 variants of IM-Worm.Win32.Zerollworms. Once a worm from this family infects a computer, it can use pretty much any IM client to spread. It takes every person in the IM client’s contacts list and sends those people a message; the message usually lures people to click a link and view an interesting picture. The link doesn’t lead to an interesting picture; it leads to a malicious file.
As mentioned above, the worms in the IM-Worm.Win32.Zeroll family are multilingual. According to Kaspersky, the worm uses 13 different languages. Among these languages you will find English, German, Spanish and Portuguese.
“IM-Worm.Win32.Zeroll has backdoor functionality, which means it can gain control of a computer without the user’s knowledge. Once it has penetrated a system, the worm contacts a remote command and control center. After receiving its instructions from the center via IRC, IM-Worm.Win32.Zeroll starts downloading other malicious programs. Interestingly, this new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients installed on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam,” explained Kaspersky in a press release .
The largest number of IM-Worm.Win32.Zeroll infected machines has been detected in Mexico, Brazil, Peru and the USA. Infections have been detected in Africa, India and European countries (Spain in particular) as well. You need not worry about this family of worms if you rely on a Kaspersky product for protection; all Kaspersky products detect and neutralize the worms.
The annoying thing is that there is a new family of worms out there that specifically targets IM clients. The even more annoying part is that the worms in this family are multilingual and capable of infecting users via several IM clients simultaneously. Remember the IM clients mentioned above? The worms spread via those IM clients.
Kaspersky detects this family of worms as IM-Worm.Win32.Zeroll. So far the security experts at Kaspersky have detected 4 variants of IM-Worm.Win32.Zerollworms. Once a worm from this family infects a computer, it can use pretty much any IM client to spread. It takes every person in the IM client’s contacts list and sends those people a message; the message usually lures people to click a link and view an interesting picture. The link doesn’t lead to an interesting picture; it leads to a malicious file.
As mentioned above, the worms in the IM-Worm.Win32.Zeroll family are multilingual. According to Kaspersky, the worm uses 13 different languages. Among these languages you will find English, German, Spanish and Portuguese.
“IM-Worm.Win32.Zeroll has backdoor functionality, which means it can gain control of a computer without the user’s knowledge. Once it has penetrated a system, the worm contacts a remote command and control center. After receiving its instructions from the center via IRC, IM-Worm.Win32.Zeroll starts downloading other malicious programs. Interestingly, this new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients installed on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam,” explained Kaspersky in a press release .
The largest number of IM-Worm.Win32.Zeroll infected machines has been detected in Mexico, Brazil, Peru and the USA. Infections have been detected in Africa, India and European countries (Spain in particular) as well. You need not worry about this family of worms if you rely on a Kaspersky product for protection; all Kaspersky products detect and neutralize the worms.
