[ISN] IM worm speaks your language

InfoSec News isn at c4i.org
Thu Aug 25 06:45:12 EDT 2005


http://news.com.com/IM+worm+speaks+your+language/2100-7349_3-5842767.html

By Joris Evers 
Staff Writer, CNET News.com 
August 24, 2005

A new MSN Messenger worm often talks to people in their own tongue as
it hunts for new victims, security experts have warned.

The worm, dubbed Kelvir.HI, tailors the language of its attack message
to the compromised system, said David Jaros, the director of product
marketing at security vendor Akonix Systems, on Wednesday. It can send
messages in English, Dutch, French, German, Greek (English alphabet),
Italian, Portuguese, Swedish, Spanish and Turkish, he noted.

"It appears to check which language the Windows client is configured
to use," he said. "This is the first time that we have seen a worm
that checks the system settings and then sends a specific message."

When it hits an English system, the worm sends out the following
message: "haha i found your picture!" The message is sent to everybody
on a user's contacts list. The message includes a Web link that when
clicked on will download malicious software that installs a backdoor
and furthers the spread of the worm, Jaros said.

The worm is a variant of the Kelvir pest that first surfaced in
February. To date, there have been 103 variants of Kelvir, according
to IM security company Akonix.

The worm spreads via Microsoft's MSN Messenger instant-messaging
service and affects computers running Windows 2000, Windows 95,
Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows
XP, according to a Symantec advisory.
 
Previous Next The multilingual Kelvir is a sign that virus developers
are getting more inventive and more global in terms of their target
market, Jaros said. "They go after not only English speakers, but also
other languages. I think we will definitely see more worms that cast a
wider net."

Threats to instant messaging and peer-to-peer systems are on the rise,
Akonix said. The threats are not only more frequent, but attackers are
increasingly morphing their software to circumvent security measures,
the company said.





More information about the ISN mailing list