it observer – a new instant messaging worm could allow hackers to take control of computers, reports panda softwar

By | May 19, 2005

PandaLabs has reported the appearance of a new example of malware, Oscarbot.F, a worm that could allow a malicious user to take action on the infected computer, and which is designed for AOL Instant Messenger (AIM), a popular instant messaging application, especially in the United States. Panda Software´s TruPreventTM Technologies have managed to block and eliminate this worm without having previously identified it.

This new variant of the Oscarbot family of worms, has ‘bot’ functions, executing orders that it receives from a remote user. Once installed on a computer, this malware creates a copy of itself in the Windows system folder, and edits certain registry keys to ensure that it is run as a service when the system starts up.

“The propagation of this worm follows the typical modus operandi of malware associated with instant messaging programs: once there is a connection to the Internet, it sends a message to all contacts connected to the affected computer containing a hyperlink, and from which a copy of the worm itself is downloaded or even other malware,” explains Luis Corrons, director of PandaLabs. However, in this case, propagation depends on remote orders: when the worm is run it connects to an IRC server where it receives commands ranging from the downloading and execution of files to propagation using AIM”.

This new variant confirms the increasing use made by malware creators of new forms of communication, such as instant messaging. Other examples, about which Panda Software has previously reported, include Bropia and Kelvir both of which have numerous variants. In this case, there would appear to be a dual motive for this malware, as with Bot functions. the distribution of Oscarbot.F. can contribute towards construction of ‘botnets’ which have numerous aims (typically sending spam, attacks on other machines, or downloading other malware), and through which the creators of the malicious code can obtain financial benefits.

To prevent infection by Oscarbot.F or any other malicious code, Panda Software advises all users to keep their antivirus software up-to-date. Panda Software has already made the corresponding updates to detect and eliminate this new malicious code available to clients.

Panda Software’s clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software´s website ( and complete the corresponding form.

Leave a Reply