A new Christmas-themed worm attack is underway, delivering an offensive rootkit payload over the AOL, MSN, Windows Messenger, ICQ and Yahoo instant messaging networks.
The worm, identified as IM.GiftCom.All, was discovered by researchers at IMLogic Inc.s Threat Center spreading via IM and attempting to trick users into clicking on a malicious URL.
The link lures the target into visiting a harmless Santa Claus Web site, but actually installs a rootkit payload to the victims machine, IMLogic said in an advisory.
“The rootkit payload is often named gift.com and when executed hides itself on the users system, attempts to shutdown desktop anti-virus software and starts collecting the infected users information for broadcast over the Internet,” the company explained.
Once a machine becomes infected, the worm takes control of the users buddy list and broadcasts itself to all available recipients.
IMLogic rates the threat as “medium” and warned that propagation is possible on the five most popular IM networks.
It is not yet clear if the worm is associated with IRC bot families used in previous IM worm attacks.
The appearance of a Christmas-themed worm comes as no surprise.
Virus writers have found a sweet spot with the use of slick social engineering techniques to trick computer users into downloading nasty malware programs.
Earlier this month, a worm on the AIM network was seen carrying on text-based conversations with potential victims if a first attempt at infection failed.
If the victim replied to the IM to doubt the legitimacy of the link being sent, the worm replied with the following message: “lol no its not its a virus.”
