Internet security company Kaspersky Lab has detected a new family of computer worms that is spreading via numerous instant messaging clients.
According to the company, this worm is distinctive and unusual for this class of program, as it is multilingual and can infect users via several IM clients simultaneously. These include Yahoo Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.
Kaspersky has to date detected four variants of this worm, dubbed IM-Worm.Win32.Zeroll. “Once it penetrates a computer's security settings, it searches present IM clients' contact lists and sends itself to all the addresses it finds.
Infection occurs when a user follows what they think is a hyperlink to an interesting picture, which instead leads to a malicious file. The link appears in an instant message sent by an infected machine,” says the company.
Its multilingual capabilities make the worm distinctive, says Kaspersky. IM-Worm.Win32.Zeroll uses 13 different languages, including English, German, Spanish and Portuguese, to target users in their own language.
To date, the company says Mexico, Brazil, Peru and the US have seen the highest numbers of infections, although many have also been reported in Africa, India and European countries, particularly Spain.
In terms of its features, the worm family has backdoor functionality, meaning it can gain control of a computer without alerting the user, says Kaspersky. “Once it has penetrated a system, the worm contacts a remote command and control centre. After receiving its instructions from the centre via IRC, IM-Worm.Win32.Zeroll starts downloading other malicious programs.”
Interestingly, this IM worm connects to different IRC channels depending on the country and the infected application. In this way, a hacker controlling a network of infected computers can classify them according to the country and IM client and send out different commands, a useful tool when distributing targeted spam.
“It appears that the worm's creators are currently in the early stages of their criminal activities,” says Dmitry Bestuzhev, Kaspersky Lab's regional expert for Latin America. “They are infecting as many machines as possible in order to gain financially from other hackers for things such as pay per install, spam and so on.”

