Want CNET to notify you of price drops and the latest stories?

IM worm speaks your language

New pest targeting users of MSN Messenger looks at a system's settings, then sends its message in one of 10 languages.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
A new MSN Messenger worm often talks to people in their own tongue as it hunts for new victims, security experts have warned.

The worm, dubbed Kelvir.HI, tailors the language of its attack message to the compromised system, said David Jaros, the director of product marketing at security vendor Akonix Systems, on Wednesday. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish, he noted.

"It appears to check which language the Windows client is configured to use," he said. "This is the first time that we have seen a worm that checks the system settings and then sends a specific message."

When it hits an English system, the worm sends out the following message: "haha i found your picture!" The message is sent to everybody on a user's contacts list. The message includes a Web link that when clicked on will download malicious software that installs a backdoor and furthers the spread of the worm, Jaros said.

The worm is a variant of the Kelvir pest that first surfaced in February. To date, there have been 103 variants of Kelvir, according to IM security company Akonix.

The worm spreads via Microsoft's MSN Messenger instant-messaging service and affects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to a Symantec advisory.

The multilingual Kelvir is a sign that virus developers are getting more inventive and more global in terms of their target market, Jaros said. "They go after not only English speakers, but also other languages. I think we will definitely see more worms that cast a wider net."

Threats to instant messaging and peer-to-peer systems are on the rise, Akonix said. The threats are not only more frequent, but attackers are increasingly morphing their software to circumvent security measures, the company said.