Worm Kelvir is an IM worm that spreads itself through MSN Messenger.
This worm sends malicious links to Contact List recipients. Tow examples of the malicious links are as follows:
jose.rivera4.home.att.net/cute.pif
home.earthlink.net/~gallery10/omg.pif
Once users click one of the malicious links, the worm will download and execute a variant of W32.Spybot.Worm, thus causing Backdoors installed on to vulnerable hosts unknowingly.
BroadWeb Security Service Team (BSST) has released the countermeasure signatures in signature versioin 2.79, which includes:
# 1051804_ Worm.KELVIR.A (malicious HTTP link in MSN message)
# 1051805_ Worm.KELVIR.A (download worm via malicious link)
NetKeeper users are urged to upgrade their signature patterns to version 2.79 or later in order to thwart these attacks.
(BSST, Broadweb Security Service Team) |
