Polyglot worm attacks MSN users
Published: 25 Aug 2005 09:00 BST
A new MSN Messenger worm often talks to people in their own tongue as it hunts for new victims, security experts have warned.
The worm, dubbed Kelvir.HI, tailors the language of its attack message to the compromised system, said David Jaros, the director of product marketing at security vendor Akonix Systems, on Wednesday. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish, he noted.
"It appears to check which language the Windows client is configured to use," he said. "This is the first time that we have seen a worm that checks the system settings and then sends a specific message."
When it hits an English system, the worm sends out the following message: "haha i [sic] found your picture!" The message is sent to everybody on a user's contacts list. The message includes a Web link that when clicked on will download malicious software that installs a backdoor and furthers the spread of the worm, Jaros said.
The worm is a variant of the Kelvir pest that first surfaced in February. To date, there have been 103 variants of Kelvir, according to IM security company Akonix.
The worm spreads via Microsoft's MSN Messenger instant messaging service and affects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to a Symantec advisory.
The multilingual Kelvir is a sign that virus developers are getting more inventive and more global in terms of their target market, Jaros said. "They go after not only English speakers, but also other languages. I think we will definitely see more worms that cast a wider net."
Threats to instant messaging and peer-to-peer systems are on the rise, Akonix said. The threats are not only more frequent, but attackers are increasingly morphing their software to circumvent security measures, the company said.
Did you find this article useful?
68 out of 123 people found this useful
- Share this article:
Full Talkback thread
2 comments
