Advertisement
Promo

Security threats Toolkit

Polyglot worm attacks MSN users

Joris Evers CNET News

Published: 25 Aug 2005 09:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new MSN Messenger worm often talks to people in their own tongue as it hunts for new victims, security experts have warned.

The worm, dubbed Kelvir.HI, tailors the language of its attack message to the compromised system, said David Jaros, the director of product marketing at security vendor Akonix Systems, on Wednesday. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish, he noted.

"It appears to check which language the Windows client is configured to use," he said. "This is the first time that we have seen a worm that checks the system settings and then sends a specific message."

When it hits an English system, the worm sends out the following message: "haha i [sic] found your picture!" The message is sent to everybody on a user's contacts list. The message includes a Web link that when clicked on will download malicious software that installs a backdoor and furthers the spread of the worm, Jaros said.

The worm is a variant of the Kelvir pest that first surfaced in February. To date, there have been 103 variants of Kelvir, according to IM security company Akonix.

The worm spreads via Microsoft's MSN Messenger instant messaging service and affects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to a Symantec advisory.

The multilingual Kelvir is a sign that virus developers are getting more inventive and more global in terms of their target market, Jaros said. "They go after not only English speakers, but also other languages. I think we will definitely see more worms that cast a wider net."

Threats to instant messaging and peer-to-peer systems are on the rise, Akonix said. The threats are not only more frequent, but attackers are increasingly morphing their software to circumvent security measures, the company said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
69 out of 125 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

2 comments

  1. So how do I prevent this Polyglot worm attack on m... Anonymous
  2. I THINK THAT ALL THIS PEOPLE CREATING THIS TYPE OF... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

3 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters