RealTime IT News

In Any Language, IM Worm a Pain

A new "multiple language" smart worm is spreading through Instant Messaging, checking system settings of IM clients and then sending messages in the appropriate language.

The virus appears to be a new variant of the Kelvir instant messaging (IM) worm dubbed Kelvir.HI, propagating over a leading public IM network, said security firm Akonix.

Akonix says it is the first worm ever identified that intelligently checks system settings and delivers the worm in the proper language.

"The rise of IM threats is mostly 2005 phenomena," Francis Costello, CTO at Akonix, said. "For the most part these social engineering attacks are pretty basics. Except this one."

Costello also said this form of advanced social engineering, where a virus discovers which language a user is working in, and then propagates itself in the same language, is a trend likely to continue.

So far the worm has only been spotted on the MSN IM client.

"It figures if you're speaking French, your buddy is also speaking French," he said.

Earlier this month, the Akonix Security Center reported a total 42 new threats aimed at corporate IM systems in July, which is a 24 percent increase over the previous month.

The Akonix Security Center has classified the most recent worm as low risk and immediately used the industry's only real-time IM malware, SPIM and protocol update system to automatically push updates to customers for protection against this threat.

So far the smart worm has been spotted in 10 languages, delivering the same line: "haha i found your picture!" The languages are: English, Spanish, Dutch, French, German, Greek, Swedish, Italian, Portuguese and Turkish.

The virus moves once users click on the link in the message, a copy of the Spybot worm is automatically downloaded to their computer. Spybot is a backdoor program that, among other malicious activity, can end security applications, log keystrokes and receive remote commands, according to Akonix.