Ho Ho No! Santa Worm On IM

By: David A. Utter in a WebPro Newsletter

Users of instant messaging systems MSN, AIM, ICQ, and Yahoo could
get smacked with a worm that entices people to click on a link to
Santa Claus.

This gift is one you’ll wish you’d never opened. The IM.GiftCom.All
worm arriving by those IM systems or over Windows Messenger appears
to be a URL linked to a picture of Santa Claus. IMLogic, which
discovered the worm, posted that clicking the URL launches an
executable file.
Once that file gets started, it embeds itself into the PC as a
rootkit, and scans the registry, file system, and Internet cache.
IMLogic also said the process hides from antivirus and other system
tools that might detect it. The worm also logs keystrokes and may
also try to spread itself to other users over IM to usernames it
grabs from those services on the infected PC.

While its method of distribution doesn’t make it a big threat, the
amount of damage it can do to a system caused IMLogic to rate it as
a Medium threat, a company executive told CNet News.

Users and administrators should ensure they are running the most
current versions of their antivirus engines and that signature files
have been updated to help repel the threat. Also, people will want
to be careful about clicking on links in messages that arrive
unexpectedly, even if they appear to be from a legitimate messaging
buddy.

Resist the temptation to click on that link even if it comes from your best friend…

Hi Bob, I chat with my friends on AIM, YIM and MSN. By now, it’s no joke. These pass-along IM things are so… stupid. I get them when I log in at times. They say something about choose this and that but I never do it. I’m very aware of the worm though. Thx for the heads up :slight_smile:

Hi Inu-Ya,

Well, good to have some fix tools ready, just in case, like Mr. Loden’s Aimfix, BlockRemover, Aurorafix, Hostfix, IEFix and a last-resort tool. Get it from Jay Loden’s site at:
http://www.jayloden.com/VirusClean.htm, especially when AIM viruses have a high Christmas frequency and a wrong link is easily clicked. Scan with the DrWeb hyperlink pre-scanner plug-in for Opera, Flock and of course also for Internet Explorer.
Always use Internet Explorer with a surfing condom, that is, use it with common user rights.

greets,

polonus

Good of you to advise us about this. I had a bad experience with a worm that… literally ate a file from Windows XP ??? :o Its name is newnet.dll and every single time I started my computer it was popping up saying: the newnet.dll is missing :o but for the moment I don’t know the name of that worm…

thanks for saying it

Those who use Miranda IM or GAIM can ignore such warnings :slight_smile:


Give them time and they will be on those IMs also. :frowning:

Whenever something becomes popular is when the malware appears. :frowning: