Monday, January 09, 2006

IM Worm Makes New Use Of Old Techniques

The Sober virus was not the only worm to make its run on Friday. FaceTime Communications reported the discovery of a new worm transmitted via instant messaging.

The new worm targets PCs that have been infected with the lockx.exe or palsp.exe viruses and uses Internet Relay Chat-enabled malware to connect the host to a server for further infection through a series of commands.

One of those commands can take control of the AIM client on the infected PC and send a message containing links to the contacts on the host's buddy list. When recipients click on a link, they become infected with new variants of the IRC-enabled malware along with an installation of "creame.exe," which delivers multiple adware payloads.

This new type of worm illustrates the need for companies to have a solution in place that specifically protects IM applications, said Brian Moody, vice president of sales and development for solution provider Computer Media Technologies, San Jose, Calif. The big problem is that traditional antivirus software will not scan for these types of worms, Moody said.

"The issue to safeguard from this has been to disallow the use of IM, but IM can be an incredible productivity tool," Moody said.

Incorporating security applications in existing antispyware and antivirus programs that deal specifically with IM applications is something that customers are demanding, Moody said, and it validates Symantec’s recent acquisition of IMlogic.

The best way for users to protect themselves from this type of worm is to be careful about clicking on links within an IM, said Tyler Wells, senior director of research and development for FaceTime Communications, Foster City, Calif.

"The worm is relatively simple, but it works well because of the speed of IM. Companies need to take a proactive approach and bring in a solution that deals with these types of attacks," Wells said.