New Instant Messaging Viruses - Avoid Files & URLs
Please be careful with IM programs as several new viruses have emerged over the weekend. Please do not accept attachments or click on URLs in IM messages.
W32.Kelvir.BA - Symantec
WORM_KELVIR.AL - Trend Micro
Sends the following instant message to all MSN Messenger contacts on the compromised computer. If the recipient clicks on the above link, a copy of the W32.Spybot.OFN. worm is downloaded. Avoid the following message
lol you'll like this
http://[domain removed]/downloads/gallery.php?email=[email address]
Backdoor.Doyorg is a back door Trojan which allows unauthorized remote access. The Trojan may arrive via an instant message received in AOL Instant Messenger (AIM).
This threat "spreads" via a hyperlink that is received via AOL Instant Messenger. Recipients may receive a message such as:
hey check out this ...
Following the hyperlink results in users being prompted to save/run an executable file. If users choose to download and/or run this file, Oscarbot will contact a remote IRC server, logon to a specified channel and wait for further instructions. One of these instructions can result in the bot program sending the aforementioned hyperlink to all recipients on the infected users buddy list. Technically not a worm, this threat requires a bot commander to initiate the "spimming" (IM spam) routine.