Two Internet Worms Target MSN Instant Messenger Users

[detn8r]

MSN Messenger has been added to the list of instant messenger programs which require heightened vigilence. Two security companies have discovered that there are two worms, one old and revised, and one new, which are targetting MSN Messenger users. As if we don’t have enough to worry about with phishers targetting Yahoo Messenger, and a security hole in Trillian.

The first is a variation on the Kelvir worm (Win32.Kelvir.a), and the latter is a brand new worm which as been dubbed by security company Aladdin Knowledge Systems “Win32.Serflog.a", and which F-Secure is calling Sumom. Both worms are considered to be medium-to-high risk.

The Kelvir worm spreads itself by sending a message to an MSN Messenger user which contains a link. When the user clicks on the link, a program is downloaded to the user’s computer which, when executed, attempts to install multiple copies of itself on the user’s computer.

The Serflog or Sumom worm sends the target MSN Messenger user a message which reads something along the lines of “????omg click this!". “This” is an attachment which, when clicked, drops the worm onto the user’s computer, and also installs hidden files which attempt to defeat MSN Messenger’s security features, and also blocks access to several websites.

As always, users should exercise extreme caution whenever presented with an unexpected file on an instant messenger client, or when someone they don’t know sends them a link.

Source: http://www.aunty-spam.com/two-intern...ssenger-users/