26.08.2010 Technology

Kaspersky Lab detects new IM worm’s capability of spreading via almost all instant messengers

By Kaspersky Lab

Kaspersky Lab, a leading developer of secure content management solutions, announces the detection of a new family of computer worms that are spreading via numerous instant messaging clients. What makes the worms distinct and highly unusual for this class of program is the fact that they are multilingual and capable of infecting users via several IM clients simultaneously, including Yahoo! Messenger, Skype, Paltalk Messenger, ICQ, Windows Live Messenger, Google Talk and the XFire client for gamers.

Four variants of this worm have been detected so far by experts at Kaspersky Lab, who have named the family IM-Worm.Win32.Zeroll. Once it penetrates a computer's security settings, it searches the contact lists of the IM clients present and sends itself to all the addresses it finds. Infection occurs when a user follows what they think is a hyperlink to an interesting picture, which instead leads to a malicious file. The link appears in an instant message sent by an infected machine.

The fact that it is multilingual also makes the new family of IM worms stand out. IM-Worm.Win32.Zeroll uses 13 different languages, including English, German, Spanish and Portuguese, sending users in various countries messages in a language that they will understand. At the present time, Mexico, Brazil, Peru and the USA have seen the greatest numbers of infections, but many instances have also been recorded in Africa, India and European countries, particularly Spain.

IM-Worm.Win32.Zeroll has backdoor functionality, which means it can gain control of a computer without the user's knowledge. Once it has penetrated a system, the worm contacts a remote command and control centre. After receiving its instructions from the centre via IRC, IM-Worm.Win32.Zeroll starts downloading other malicious programs. Interestingly, this new breed of IM worm connects to different IRC channels depending on the country and the infected application. This means that a hacker controlling a network of infected computers can classify them according to the country and IM client and send out different commands, which is useful, for example, when distributing targeted spam.

“It appears that the worm's creators are currently in the early stages of their criminal activities,” said Dmitry Bestuzhev, Kaspersky Lab's Regional Expert for Latin America. “They are infecting as many machines as possible in order to gain financially from other hackers for things such as pay per install, spam and so on.”

All Kaspersky Lab products successfully detect and neutralize the new family of IM worms.


About Kaspersky Lab:
Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world's top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry's fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry's leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com

