A Santa Claus worm is attempting to trick instant messaging users into clicking on a file that delivers unwanted software to user’s computer. Victims who click on the file see an image of Santa, but what they are less likely to notice is a so-called rootkit payload being installed onto their system.
The instant messaging security firm, IMlogic said that the worm, dubbed “GiftCom.all” is circulating on the MSN, ALO, ICQ and Yahoo! instant messaging services. According to the company, the worm is medium threat, a relatively rare classification for instant messaging worms.
“This worm is a medium threat in terms of its distribution, but in terms of the damage it can create, it´s a more severe threat,” said Art Gilliland, vice president of products for IMlogic.
The payloads is often named gift.com and when executed hides itself on the user´s system, attempts to shut-down antivirus software, and starts collecting the infected user´s information for broadcast over the Internet. The rootkit uses victim’s buddy list to further propagate the worm.
Worms on IM networks can spread rapidly. They appear as a message from an acquaintance with a link that looks innocent, but actually points to malicious code somewhere on the Internet, warned IMlogin.