By Dawn Kawamoto, 21 December 2005 08:25
NEWS
A Santa Claus worm is attempting to trick AOL, Microsoft MSN and Yahoo! instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer.
The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file, according to a security advisory issued on Tuesday by IMlogic.
People who click on the file will see an image of Santa but what they are less likely to notice is a so-called rootkit being installed onto their system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker can then distribute messages to the user's IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.
The Santa worm is the latest tactic to be used on IM networks. Past tricks have included offers of movie clips to the latest release of Star Wars that instead led to an infected computer.
Worms on IM networks can spread rapidly. They appear as a message from a buddy with a link that looks innocent but in fact points to malicious code somewhere on the internet. Once the user clicks on the link, malicious code is installed and runs on the computer. The worm then spreads itself by sending messages to all names on the victim's contact list.
IMlogic is rating the IM.GiftCom.All worm a "medium" security threat.
Art Gilliland, vice president of products for IMlogic, said: "This worm is a medium threat in terms of its distribution but in terms of the damage it can create it's a more severe threat."
He added: "It's not a very happy delivery."
CNET News.com's Joris Evers contributed to this report
Dawn Kawamoto writes for CNET News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below