Experts at SophosLabsâ„¢, Sophos's global network of virus and
spam analysis centres, have warned users to be on their guard
against a worm which spreads via instant messaging, posing as a
funny screensaver.
The W32/Kelvir-F worm spreads
via Windows Messenger using a variety of different messages,
sending itself to every person in the infected computer's
contacts.
The messages sent by the worm are randomly chosen from the
following list:
-
hey check this out I almost pee'd my pants
<URL>
-
wow, i almost fell off the chair when i saw this
<URL>
-
haha i just found the funniest drawing, check it out
<URL>
-
wow, this drawing makes you feel like your on some type of
drug <URL>
-
crazy, its like a virtual acidtrip or something, check it
out <URL>
Clicking on the URL takes the user to a web page containing a
file called funnyashell.scr. At the time of analysis the
file available for download contained the dangerous W32/Rbot-ZU internet worm
which can quickly infect unprotected unpatched computers connected
to the internet, without requiring any user interaction.
"More people are becoming aware that they need to be suspicious
of unsolicited email attachments, but many are still oblivious to
the dangerous other ways in which viruses can attack their
systems," said Graham
Cluley, senior technology consultant for Sophos. "Users of
instant messaging software must run up-to-date virus protection
software on their desktop computers, as well as exercising caution
about what they choose to run or click on."
"Furthermore, people need to get out of the bad habit of
exchanging joke programs, funny screensavers and the like
willy-nilly with each other," continued Cluley. "Virus writers will
often disguise their malware as this kind of content in an attempt
to lure people into clicking before they think."
Although there have only been a small reports of the worm,
Sophos recommends computer users ensure their anti-virus software
is up-to-date, and that companies protect themselves with a
consolidated solution which can defend them
from the threats of both spam and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.