Security threats Toolkit

Santa Claus worm tricks IM users

Tags:
Santa Claus,
Worm,
Instant Messaging

Dawn Kawamoto CNET News

Published: 21 Dec 2005 09:30 GMT

A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer.

The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file, according to a security advisory issued on Tuesday by IMlogic.

People who click on the file will see an image of Santa, but what they are less likely to notice is a rootkit being installed on their system. A rootkit is a tool designed to hide processes and files from the security software used to lock down control of a computer after an initial hack. The malicious attacker can then distribute messages to the user's IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.

The Santa worm is the latest tactic to be used on IM networks. Past tricks have included offers of movie clips to the latest release of "Star Wars" that instead led to an infected computer.

Worms on IM networks can spread rapidly. They appear as a message from a buddy with a link that looks innocent, but in fact points to malicious code somewhere on the Internet. Once the user clicks on the link, malicious code is installed and runs on the computer. The worm then spreads itself by sending messages to all names on the victim's contact list.

IMlogic is rating the IM.GiftCom.All worm a "medium" security threat.

"This worm is a medium threat in terms of its distribution, but in terms of the damage it can create, it's a more severe threat," said Art Gilliland, vice president of products for IMlogic.

"It's not a very happy delivery," he added.

CNET News.com's Joris Evers contributed to this report.