Rash of Viruses Plaguing MSN Messenger

Malicious code writers have apparently pounced on a known security vulnerability in MSN Messenger, unleashing a rash of new viruses aimed at Microsoft’s instant messenger platform.

The outbreak of viruses comes about three weeks after a vulnerability in the platform was published online. That brought several advisories and warnings from security firms.

Security firms say new versions of the Bropia worm have been spotted in recent days, as have new families of worms known as Kelvir, Sumom and Serflog.

Low Threat Rating

To date at least, none of the code appears to pose much of a threat to computers or the networks to which they are connected, with most security firms giving them low threat ratings. Some of the worms are hidden in attachments carrying crude comics or jokes and appear to be the result of code writers attempting to one-up each other.

That could change over time, however, as more sophisticated versions of the threat are developed. IM-based viruses are troubling to many security experts because the potential exists for them to spread rapidly. Because the worms use an infected user’s list of acquaintances, the infected attachments come from trusted sources.

The payloads include Trojans or other forms of spyware.

“People should be trained not to open attachments that they don’t recognize, especially in network and enterprise settings,” Sophos antivirus consultant Graham Cluley told the E-Commerce Times. While that message has long been preached with respect to e-mail, “it’s just as important, if not more so, with instant messages.”

Because of the instant and friendly nature of IM, users might be less wary of attachments than they would with e-mail, which by its nature leaves more time to consider the source of a message. In addition, many companies do not filter instant messenger traffic the same way they do e-mail, meaning that more malicious payloads can get through firewalls or other gateways.

Some analysts say serious security-related problems with IM could stall uptake of the technology in corporate settings and might force some network administrators to crack down on unauthorized use. In many businesses, employees have downloaded their own freeware versions of IM software without authorization.

“Companies may want to reconsider whether their users really need to online chat with external friends,” Cluley said.

Denting IM Uptake?

Several security firms predicted that IM viruses would be one of the major emerging trends in 2005, along with those targeting mobile devices.

Such code has grown in number, complexity and aggressiveness in recent weeks. The latest example, the Sumon worm, also disables a long list of security software, attempts to block computers from connecting to security-download Web sites and directs machines to connect to and download from various spyware sites.

While all of the viruses identified in recent weeks target Windows machines, they are not restricted to MSN Messenger, with recent reports of code attacking AOL’s Instant Messenger and other IM platforms.

A proliferation of IM-related viruses would be bad news for several major firms, including Microsoft, which is said to be making so-called “presence computing” a key feature of its next-generation Longhorn software, and AOL, which recently unveiled a service to enables users of the Microsoft Outlook e-mail program to automatically load their address lists into its AIM instant messenger.