Experts at SophosLabs™, Sophos's global network of virus and
spam analysis centres, have warned users to be on their guard
against a worm which spreads via instant messaging, posing as a
The W32/Kelvir-F worm spreads
via Windows Messenger using a variety of different messages,
sending itself to every person in the infected computer's
The messages sent by the worm are randomly chosen from the
hey check this out I almost pee'd my pants
wow, i almost fell off the chair when i saw this
haha i just found the funniest drawing, check it out
wow, this drawing makes you feel like your on some type of
crazy, its like a virtual acidtrip or something, check it
Clicking on the URL takes the user to a web page containing a
file called funnyashell.scr. At the time of analysis the
file available for download contained the dangerous W32/Rbot-ZU internet worm
which can quickly infect unprotected unpatched computers connected
to the internet, without requiring any user interaction.
"More people are becoming aware that they need to be suspicious
of unsolicited email attachments, but many are still oblivious to
the dangerous other ways in which viruses can attack their
systems," said Graham
Cluley, senior technology consultant for Sophos. "Users of
instant messaging software must run up-to-date virus protection
software on their desktop computers, as well as exercising caution
about what they choose to run or click on."
"Furthermore, people need to get out of the bad habit of
exchanging joke programs, funny screensavers and the like
willy-nilly with each other," continued Cluley. "Virus writers will
often disguise their malware as this kind of content in an attempt
to lure people into clicking before they think."
Although there have only been a small reports of the worm,
Sophos recommends computer users ensure their anti-virus software
is up-to-date, and that companies protect themselves with a
consolidated solution which can defend them
from the threats of both spam and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.