Advanced instant messenger threat discovered

Yahoo! Messenger, Skype, Windows Live, and Google Talk among those targeted.
Warnings have been made about worms that are spreading via instant messaging (IM) clients.

Kaspersky Lab said that the new family of worms are multilingual and capable of infecting users via several IM clients simultaneously, including Yahoo! Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.

Kaspersky said that four variants of IM-Worm.Win32.Zeroll have been detected so far. Kaspersky Lab said that once the worm penetrates a computer, it looks in the contact list of any IM client present and sends itself to all the addresses it finds. Infection occurs when a user follows what they think is a hyperlink in an instant message to an interesting picture, that leads to a malicious file.

IM-Worm.Win32.Zeroll also has backdoor functionality to gain control of a computer without the user’s knowledge. Once it has penetrated a system, the worm contacts a remote command and control centre and after receiving its instructions it starts downloading other malicious programs.

Kaspersky Lab said it uses 13 different languages, including English, German, Spanish and Portuguese, sending users in various countries messages in a language that they will understand.
At the present time, Mexico, Brazil, Peru and the USA have seen the greatest numbers of infections, but many instances have also been recorded in Africa, India and European countries, particularly Spain.

Dmitry Bestuzhev, Kaspersky Lab’s regional expert for Latin America, said: “It appears that the worm’s creators are currently in the early stages of their criminal activities. They are infecting as many machines as they can in order to get good offers from other crooks for such things as pay per install, spam and so on.”

Kaspersky Lab also said that the new breed of IM worm connects to different IRC channels depending on the country and the instant messaging clients located on the computer. This means a hacker controlling a network of infected computers can classify them according to country and IM client and send out different commands, which is useful, for example, when distributing targeted spam.