Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

New Instant Messaging Viruses - Avoid Files & URLs

  Please be careful with IM programs as several new viruses have emerged over the weekend.  Please do not accept attachments or click on URLs in IM messages.

 W32.Kelvir.BA - Symantec

  WORM_KELVIR.AL - Trend Micro

Sends the following instant message to all MSN Messenger contacts on the compromised computer.   If the recipient clicks on the above link, a copy of the W32.Spybot.OFN. worm is downloaded.  Avoid the following message

lol you'll like this
http://[domain removed]/downloads/gallery.php?email=[email address]

  Backdoor.Doyorg

Backdoor.Doyorg is a back door Trojan which allows unauthorized remote access. The Trojan may arrive via an instant message received in AOL Instant Messenger (AIM).

 W32/Oscarbot

This threat "spreads" via a hyperlink that is received via AOL Instant Messenger.  Recipients may receive a message such as: 

hey check out this ...

Following the hyperlink results in users being prompted to save/run an executable file.   If users choose to download and/or run this file, Oscarbot will contact a remote IRC server, logon to a specified channel and wait for further instructions.  One of these instructions can result in the bot program sending the aforementioned hyperlink to all recipients on the infected users buddy list.  Technically not a worm, this threat requires a bot commander to initiate the "spimming" (IM spam) routine.

Posted: May 01 2005, 09:06 PM by Harry Waldron | with no comments