Advertisement
Promo

Security threats Toolkit

Polyglot worm attacks MSN users

Joris Evers CNET News

Published: 25 Aug 2005 09:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new MSN Messenger worm often talks to people in their own tongue as it hunts for new victims, security experts have warned.

The worm, dubbed Kelvir.HI, tailors the language of its attack message to the compromised system, said David Jaros, the director of product marketing at security vendor Akonix Systems, on Wednesday. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish, he noted.

"It appears to check which language the Windows client is configured to use," he said. "This is the first time that we have seen a worm that checks the system settings and then sends a specific message."

When it hits an English system, the worm sends out the following message: "haha i [sic] found your picture!" The message is sent to everybody on a user's contacts list. The message includes a Web link that when clicked on will download malicious software that installs a backdoor and furthers the spread of the worm, Jaros said.

The worm is a variant of the Kelvir pest that first surfaced in February. To date, there have been 103 variants of Kelvir, according to IM security company Akonix.

The worm spreads via Microsoft's MSN Messenger instant messaging service and affects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to a Symantec advisory.

The multilingual Kelvir is a sign that virus developers are getting more inventive and more global in terms of their target market, Jaros said. "They go after not only English speakers, but also other languages. I think we will definitely see more worms that cast a wider net."

Threats to instant messaging and peer-to-peer systems are on the rise, Akonix said. The threats are not only more frequent, but attackers are increasingly morphing their software to circumvent security measures, the company said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
69 out of 125 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

2 comments

  1. So how do I prevent this Polyglot worm attack on m... Anonymous
  2. I THINK THAT ALL THIS PEOPLE CREATING THIS TYPE OF... Anonymous

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Messaging Support Analyst - MS Exchange, Active Directory, London Perm

Microsoft Exchange Administrator

Websphere MQ Specialist - Integration, Support, Messaging

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters