PC Worms Target Instant Messengers

An extremely harmful new family of PC worms has been detected. This family hits famous instant messaging clients to take control of a system without user's consent.

Kaspersky Lab states that the infections, known as IM-worm, occur in multiple languages and can infect users through many IM clients simultaneously, including Skype, Paltalk Messenger, Yahoo! Messenger, ICQ, Google Talk, Windows Live Messenger and the XFire client for gamers.

Kaspersky further states that till now four variants of IM-Worm.Win32.Zeroll have been discovered. The security company reveals that once the worm enters a system, its searches the contact list for an IM user and sends itself to all the addresses. Infection takes place when a user clicks on a hyperlink directing to an interesting picture that takes to a harmful file.

IM-Worm.Win32.Zeroll also has backdoor capability that can enable it to control a system without the user's consent. After entering the system, the worm contacts to a remote command and control centre and gets instructions to begin the process of installing other harmful programs.

Further, Kaspersky Lab highlights that this new IM worm links to several IRC channels according to the country and instant messaging clients located on the system. This implies that an attacker controlling a network of infected systems can categorize them as per the country and IM client and send different commands, which are useful while circulating targeted spam.

The security also claims that presently, Brazil, Mexico, the USA and Peru have maximum a number of infections, but several cases have been reported in India, Africa and European countries, particularly in Spain. Till now, the worm has used 13 different languages (which include German, English, Portuguese and Spanish), sending users in various countries messages in a language that they will comprehend.

Mr. Jimmy Fong, Channel Sales Director of Kaspersky Lab, Southeast Asia, said that it seemed that the worm's creators were presently in the initial phases of their criminal activities, as per the reports by HardwareZone on August 26, 2010.

He added that they were targeting as many systems as they could for getting the best offers from other online criminals for things like pay per install, spam etc.

Related article: PC-Virus of 2005 Threatening Japanese Bank Accountholders, Warns Symantec

» SPAMfighter News - 9/2/2010