Kirvo Trojan targets MSN Messenger and AOL IM…
Published: 22 July 2005 08:55 GMT
Microsoft's MSN Messenger and AOL's Instant Messenger services are being targeted by malicious messages containing links that could infect a computer with a Trojan horse or dangerous worm.
The latest threat is a Trojan called Kirvo, which arrives in the form of an instant message from someone on the user's "friends" list. The message contains a link to a website which, if clicked on, loads a copy of Kirvo onto the computer, according to an advisory from security company Symantec.
Kirvo is pre-programmed to then fetch a copy of Spybot, a dangerous worm that can take advantage of software vulnerabilities to spy on the user.
Tim Hartman, systems engineer director of Symantec in the Asia-Pacific region and Japan, said Kirvo worked in tandem with Spybot and the malware author's zombie army to seek out and infect more computers.
"All [Kirvo] does is take advantage of the user by by enticing him or her to click the link and launch the Trojan. Once launched, it attempts to download a variant of Spybot, which is a true worm that takes advantage of several vulnerabilities. Kirvo appears to have been developed to assist SpyBot propagation and increase the army of Spybot zombies on the internet," he said.
Microsoft and AOL could not be immediately reached for comment.
Alan Bell, marketing director for antivirus firm McAfee, said that those responsible for Kirvo and Spybot have law enforcement authorities chasing phantoms by using compromised computers to supply copies of the worm over automated redirection services.
"If you are on a link where your IP address is changing all the time - like dial-up and to a lesser extent, broadband - you can register with a service that keeps track of your IP address. As your IP address changes, requests can be redirected. If the authorities chased up that IP address they would probably find some company that makes pots and pans that has a zombie computer," said Bell.
Spybot is one of the most prevalent worms on the internet, according to Bell, who said that a recent report from McAfee found that bot activity had increased more than 300 per cent between the first and second quarter of this year.
Munir Kotadia writes for ZDNet Australia
Security Consultant (Symantec SEP, SEE, SAV) Our client is an award winning single supplier of all IT security requirements, and are experts in ...
The role will allow you to work with some of the largest vendors in the marketplace including Symantec, McAfee, F5 Networks and Sophos and you will ...
Backup Systems Engineer - Symantec Netbackup - Glasgow. Backup Systems Engineer with Symantec Netbackup experience required for my Glasgow based ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business