Ho Ho No! Santa Worm On IM

    December 20, 2005
    WebProNews Staff

Users of instant messaging systems MSN, AIM, ICQ, and Yahoo could get smacked with a worm that entices people to click on a link to Santa Claus.

This gift is one you’ll wish you’d never opened. The IM.GiftCom.All worm arriving by those IM systems or over Windows Messenger appears to be a URL linked to a picture of Santa Claus. IMLogic, which discovered the worm, posted that clicking the URL launches an executable file.

Once that file gets started, it embeds itself into the PC as a rootkit, and scans the registry, file system, and Internet cache. IMLogic also said the process hides from antivirus and other system tools that might detect it. The worm also logs keystrokes and may also try to spread itself to other users over IM to usernames it grabs from those services on the infected PC.

While its method of distribution doesn’t make it a big threat, the amount of damage it can do to a system caused IMLogic to rate it as a Medium threat, a company executive told CNet News.

Users and administrators should ensure they are running the most current versions of their antivirus engines and that signature files have been updated to help repel the threat. Also, people will want to be careful about clicking on links in messages that arrive unexpectedly, even if they appear to be from a legitimate messaging buddy.

Email the author here.

Add to | Yahoo My Web

David Utter is a staff writer for WebProNews covering technology and business.