|
MSN MessagerNew worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version --
via links to a malicious site are infecting users and leaving their PCs open to hacker hijack, security vendors reported
Monday.
The new worms, tagged as Kelvir.a and Kelvir.b, appeared over the weekend and on Monday, respectively, anti-virus vendors
said. Both use the same mechanism to attract users and infect Windows-based PCs: they include a link in the instant message.
That link, in turn, downloads a malicious file -- the actual worm, a variant of the long-running Spybot -- which opens a
backdoor to the compromised machine.
Kelvir spreads by sending itself to all the MSN/Windows Messenger contacts on the infected PC, and poses as cryptic
messages such as "lol! see it! u'll like it!" and "omg this is funny!" The link opens a .pif-formatted file.
.pif files are also often a format-of-choice for mass-mailed worms.
Also on Monday, another worm -- dubbed Sumon.a by U.K.-based Sophos -- was discovered spreading via MSN/Windows Messenger.
Sumon, which propagates over peer-to-peer file-sharing networks as well, is much more aggressive. It disables a long list
of security software, tries to overwrite the HOSTS file so commonly-accessed security Web sites can't be reached, and picks
from a large number of links, including "Fat Elvis! lol!" and "Crazy frog gets killed by train!" to entice downloads.
|
