Threat Analysis Center

 

powered by

 

BroadWeb Security Service Team

                                                                                              

 
 Worm.KELVIR.A (malicious HTTP link in MSN message)

 

 Worm Kelvir is an IM worm that spreads itself through MSN Messenger.

This worm sends malicious links to Contact List recipients. Tow examples of the malicious links are as follows:

jose.rivera4.home.att.net/cute.pif
home.earthlink.net/~gallery10/omg.pif

Once users click one of the malicious links, the worm will download and execute a variant of W32.Spybot.Worm, thus causing Backdoors installed on to vulnerable hosts unknowingly.

BroadWeb Security Service Team (BSST) has released the countermeasure signatures in signature versioin 2.79, which includes:

# 1051804_ Worm.KELVIR.A (malicious HTTP link in MSN message)
# 1051805_ Worm.KELVIR.A (download worm via malicious link)

NetKeeper users are urged to upgrade their signature patterns to version 2.79 or later in order to thwart these attacks.

(BSST, Broadweb Security Service Team)

 

About BSST
BSST Training Course
Threat Analysis Center
Product Registration
Downloads
Leave Messages
Locate a Channel Partner





 

 

Submit
Reset

 


 

BroadWeb Corporation
222 S. Harbor Blvd. #680, Anaheim, CA 92805, USA
Asia Headquarters:

    3F, 24-1, Industry East Rd. IV, Science Based Industrial Park. Hsin Chu, Taiwan.

 
Designed by Creatop