Microsoft posted a warning late Friday night about the so-called W32/Hello virus on a special site and has been working with security companies to kill it. A Microsoft spokeswoman said few instant messenger users have been tricked into opening the virus, thereby slowing its potential to make other machines crash.
"An MSN Messenger user needs to go through a few steps, which include warning messages, in order to receive and download the file," MSN product manager Sarah Lefko said. "Then, the user would have to actually double click and execute the file itself in order to propagate the virus.
"Users should know they can prevent execution of the virus by not accepting a file transfer which appears to be suspicious, not executing a suspicious file that was transferred to them, along with keeping antivirus protection software updated on their computer."
W32/Hello, an Internet worm that affects computers with the Windows operating system, arrives via MSN Messenger as a file called Hello.exe. If someone clicks the Visual Basic 5 application, the worm creates an unnamed shortcut in the Windows Start-up folder. It will then send a copy of itself and the message "i have a file for u. its real funny" to people on the MSN e-mail contact list of an infected IM user's machine.
If MSN Messenger is not installed on the computers of people on the e-mail contact list, the worm will crash and display the message "Run-time Error '91'. Object variable or with block variable not set."
Security experts said the virus should be of little concern to computer users worldwide because few people will likely engage in the tedious process of opening the application.
The newest annoyance underscores the reality of a wired world: Any popular computer program will eventually become the target of an attack.
According to a February report by Jupiter Media Metrix, MSN Messenger had 29.5 million members in 12 countries. AOL Instant Messenger had 29.1 million members, while Yahoo had about 11 million.
"This is almost more a proof of concept than anything else," said Vincent Weafer, director of the Symantec AntiVirus Research Center. "Somebody has gone through the hassle of creating a worm to prove that it can spread through the application, in this case IM."
Weafer said the virus should be a lesson to people who use instant messaging for important business dialog or any "mission critical" need. Although the newest virus was relatively harmless, a future version is likely to be far uglier.
"We're finding that people are taking really great care with exchange servers for e-mail...but as IM is growing, they're just starting to look at IM security at the desktop level," Weafer said of corporate security technicians. "It's important to improve IM security...I find with a lot of these worms, you eventually get more people trying them out and getting more malicious viruses and bigger payloads."