Reuters Suspends IM Service Due to Kelvir Worm

Reuters takes down its enterprise IM service to prevent the spread of a Kelvir-worm variant that lures users into clicking a malicious link.

Reuters shut down its enterprise instant-messaging service Thursday after a variant of the Kelvir worm began circulating through the network.

The London-based company suspended the Reuters Messaging service at about 8:30 a.m. London time and was expecting to restore access by the start of business on Friday, a Reuters spokeswoman confirmed.

The suspension resulted from the spread of an IM worm that attempts to get users to download malicious code by way of a link included in a message, according to security researchers. The worm replicates by sending the malicious message to contacts in an infected users contact list.

Called Kelvir-Re, the worm is a variant of a series of Kelvir worms that previously had targeted Microsoft Corp.s MSN Messenger and Windows Messenger clients, according to IMLogic Inc.s Threat Center.

"In order to protect our customers and other users and to prevent Reuters Messaging from being used to propagate this worm, Reuters has temporarily suspended its messaging service and is working to resolve the matter," said spokeswoman Denise Behrens in a statement.

According to an online alert from Reuters, the site hosting the worm has been taken down as of Thursday afternoon.

Reuters Messaging is a more private IM network compared to the major networks such as MSN Messenger, AOL Instant Messenger and Yahoo Messenger. Targeted toward financial services companies, the Reuters service has about 60,000 users, including about 16,000 of its own employees, Behrens said.

/zimages/4/28571.gifClick here to read about AOLs effort to connect with enterprise IM systems.

While the Reuters IM network is heavily controlled, it also had begun to interconnect with the larger IM networks. Reuters previously announced that it was testing interoperability between Reuters Messaging and the AIM and MSN Messenger networks.

An AOL spokeswoman said that AOL did not expect the worm to cross over into its IM network since it has yet to fully deploy its federation with Reuters Messaging. A Microsoft spokeswoman said the worm was contained to Reuters and had not affected Microsoft customers.

Throughout this week, security vendors including Trend Micro Inc. and Symantec Corp. have reported on the spread of multiple new variants of the Kelvir IM worm, largely affecting MSN Messenger users.

Senior Writer Ryan Naraine contributed to this report.

/zimages/4/28571.gifCheck out eWEEK.coms for more on IM and other collaboration technologies.