Worm, phishing scam hit IM services

Piggybacking on the popularity of the new "Star Wars" movie, a new worm and a phishing scam target AOL and Yahoo IM users.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
A new worm and a phishing scam are targeting members of the America Online and Yahoo instant messaging networks, security companies warned Tuesday.

In both cases, people receive an instant message with an apparent reference to the newly released "Star Wars Episode III: Revenge of the Sith" movie, encouraging them to click on a link, said Jon Sakoda, chief technology officer at IMLogic, an instant messaging security company.

"Both seek to capitalize on momentum and enthusiasm around the 'Star Wars' movie," he said.

In the case of the AOL worm, the text in the instant message is: "hehe, i found this funny movie," and the word "this" is a hyperlink, according to the IMLogic advisory. The Yahoo message references "StarGames" in the link, IMLogic said in its warning.

IMLogic has listed both the Yahoo and AOL issues as "medium" risk threats. McAfee has only had one report of the AOL worm, said Craig Shmugar, virus research manager at the antivirus software vendor.

When an IM user clicks the link in the AOL message, malicious code is downloaded to the user's PC. The code is installed, and the worm sends itself to all of the victim's contacts, Shmugar said. The code, a variant of the Gaobot virus, could give the attacker remote control over the victim's PC, he said.

The link in the Yahoo instant message leads to a site that is designed to look like a real Yahoo Web site, but is in fact part of a phishing scheme to steal login information, Sakoda and Shmugar said. (Phishing scams are a prevalent type of online fraud that attempts to steal sensitive user information such as user names, passwords and credit card information.) Once at the Web site, the IM user is asked to enter their Yahoo credentials, which appear to then be e-mailed to a Hotmail e-mail address.

The worm and phishing scam are the latest in an increasing number of cyberthreats that use instant messaging to get to Internet users. Just as with attachments and links in e-mail, instant messaging users should be careful when clicking on links that arrive in instant messages--even messages from people they know, Sakoda said.

People are advised to keep their antivirus software up to date. McAfee will update its antivirus software on Wednesday to detect this latest Gaobot variant, Shmugar said. Current McAfee products may catch the malicious software via their intrusion detection capabilities, he said.