New Worm – Kelvir.A

W32.Kelvir.A – first time I’ve ever seen an IM worm – bypassing traditional means of propagation, leveraging instant messaging tools to display a hyperlinked URL that, if clicked, will bring the user to a page where a trojan is waiting to be mounted (a variant of w32.spybot.worm). It can also be a hyperlink to download a *.pif file (a shortcut) to the user’s desktop. The message dispalyed to the end user is variable:

• omg this is funny! [hyperlink]
• [hyperlink] lol! You have to see this! You’ll love it!

As if email was bad enough – now we have a new delivery channel we have to watch out for: instant messaging engines.

R
www.micklerandassociates.com
(C) 2005. All rights reserved.

Name (required)

Mail (will not be published) (required)

Website

Notify me of follow-up comments by email.

Notify me of new posts by email.