Reuters was temporarily forced to shut down its instant messaging service Thursday after a computer worm spread across its network. The culprit - Kelvir-U - is a variant of a worm family that targets MSN and Windows Messenger clients and previously posed no risk to Reuters' tightly-controlled messaging network. This is the first incident where a virus has targeted a privately controlled user community, IM security firm IMlogic reports.
Security firm Akonix reports that it has received "multiple reports from organizations whose networks have been compromised by the Kelvir worm". It said the latest Kelvir variant is rapidly spreading over instant messaging (IM) networks.
Like other social engineering attacks, the Kelvir-U worm sends an IM to people on an infected user's contact list that encourages the recipient to click on a URL link within the message. Once the link is opened, a version of the Spybot worm is downloaded and the worm then sends itself to the newly-infected user's contact list. Spybot opens up a backdoor on infected machines allowing them to be subsequently misused by hackers for nefarious purposes, such as distributing spam. ®