Worm attack forces Reuters IM offline

The media company confirms that it shut down its instant messaging system after a new Kelvir worm attempted to spread over its network.

Matt Hines Staff Writer, CNET News.com
Reuters has shut down its instant messaging system after suffering an onslaught from a new Kelvir worm, the company confirmed Thursday.

The London-based international media company decided to take its Reuters Messaging system completely offline after noticing the attack on its network earlier on Thursday, a Reuters representative said.

The new variant attempted to spread by sending fake instant messages to people in contact lists on infected systems, a technique used by earlier Kelvir strains. The messages, crafted to look exactly like legitimate IM correspondence, attempted to lure people to a Web site where their computers would be infected with Kelvir, the representative said.

"In order to protect our customers and other users, and to prevent RM (Reuters Messaging) from being used to propagate this worm, Reuters has temporarily suspended the RM service and is working to resolve this matter," the company said in a statement. It has not reported any incidents of consumers being infected by the attack.

Unlike the free IM software marketed by rivals America Online, Microsoft and Yahoo, Reuters Messaging was created as a corporate tool, closed off from public subscribers and for internal company use only. But in recent years, the company has moved to connect its consumers with those networks. In 2003, Reuters signed deals with both AOL and Microsoft's MSN unit to allow users of its IM software to link to those services.

Technical workers at Reuters said they believe the new Kelvir attack could also target other IM systems. No other companies with messaging software had reported such a threat as of midday Thursday, however.

In a recent report on the growing threat of IM-borne viruses, the IMlogic Threat Center--an industry consortium led by security software maker IMlogic--indicated that Kelvir was among the three most frequently detected IM infections at workplaces, along with the Bropia and Serflog worms. The group also said that it has recently seen multiple incidents of IM phishing and identity theft reported on IM networks.

At the moment, Reuters has no timetable for bringing the IM system back online, the company said. Representatives said the company wants to make sure the issue has been completely remedied before allowing people to begin using the software again.