Santa IM Worm Installs Rootkit Payload
A new Christmas-themed worm attack is underway, delivering an offensive rootkit payload over the AOL, MSN, Windows Messenger, ICQ and Yahoo instant messaging networks.
The worm, identified as IM.GiftCom.All, was discovered by researchers at IMLogic Inc.'s Threat Center spreading via IM and attempting to trick users into clicking on a malicious URL.
The link lures the target into visiting a harmless Santa Claus Web site, but actually installs a rootkit payload to the victim's machine, IMLogic said in an advisory.
"The rootkit payload is often named gift.com and when executed hides itself on the user's system, attempts to shutdown desktop anti-virus software and starts collecting the infected user's information for broadcast over the Internet," the company explained.
Source and full article: eWeek.com
Messenging users, keep away from "Santa Claus"