Spy worm spreads over instant messaging

Microsoft's MSN Messenger and AOL's Instant Messenger services are being targeted by malicious messages containing links that could infect a computer with a Trojan horse or dangerous worm.

The latest threat is a Trojan called Kirvo, which arrives in the form of an instant message from someone on the user's "friends" list. The message contains a link to a website which, if clicked on, loads a copy of Kirvo onto the computer, according to an advisory from security company Symantec.

Kirvo is pre-programmed to then fetch a copy of Spybot, a dangerous worm that can take advantage of software vulnerabilities to spy on the user.

Tim Hartman, systems engineer director of Symantec in the Asia-Pacific region and Japan, said Kirvo worked in tandem with Spybot and the malware author's zombie army to seek out and infect more computers.

"All [Kirvo] does is take advantage of the user by by enticing him or her to click the link and launch the Trojan. Once launched, it attempts to download a variant of Spybot, which is a true worm that takes advantage of several vulnerabilities. Kirvo appears to have been developed to assist SpyBot propagation and increase the army of Spybot zombies on the internet," he said.

Microsoft and AOL could not be immediately reached for comment.

Alan Bell, marketing director for antivirus firm McAfee, said that those responsible for Kirvo and Spybot have law enforcement authorities chasing phantoms by using compromised computers to supply copies of the worm over automated redirection services.

"If you are on a link where your IP address is changing all the time - like dial-up and to a lesser extent, broadband - you can register with a service that keeps track of your IP address. As your IP address changes, requests can be redirected. If the authorities chased up that IP address they would probably find some company that makes pots and pans that has a zombie computer," said Bell.

Spybot is one of the most prevalent worms on the internet, according to Bell, who said that a recent report from McAfee found that bot activity had increased more than 300 per cent between the first and second quarter of this year.

Munir Kotadia writes for ZDNet Australia