Advertisement
Promo

Security threats Toolkit

Kelvir IM worm spreading fast

Munir Kotadia ZDNet Australia

Published: 15 Apr 2005 10:35 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The latest Kelvir worm variant has started spreading over multiple instant-messaging applications. The latest attack has been successful, according to antivirus firm Kaspersky, because of its ability to manipulate PHP links.

Kelvir — first discovered in February — originally used MSN Messenger to spread. However, now with around a dozen variants, the malware has evolved to a state where it can use a range of IM applications and collect email addresses without having to infect that user.

Roel Schouwenberg, senior research engineer at Kaspersky, said in the company's Web log that the latest Kelvir variant adds the name of the potential victim's e-mail address to the link. Should the recipient click on the link and run the executable, they will also be infected by the worm. However, even if the user does not run the executable, their email address will still be sent to the worm's author for use in a future attack.

"When the link is clicked, the user is presented with a prompt to execute or save an MS-DOS application. By now, users will hopefully be suspicious and not run the application. But as soon as the user clicks the link, their email address is harvested. So even if the user doesn't run the MS-DOS application, the brains behind Kelvir get another address to spam," said Schouwenberg.

International media firm Reuters was forced to shut down its internal IM application this week after some of its users were infected by the Kelvir worm. The company decided to take its Reuters Messaging IM system completely offline after noticing an attack on its network.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
66 out of 128 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

3 comments

  1. The simple way to avoid problems like this is to r... Anonymous
  2. Mwahaha, Improved kelvir is going to be released... Anonymous
  3. this is kind of funny actually. Virus versio... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters