With the holidays upon us, the name of Santa Claus is being used for evil rather than good by worm developers, who have targeted major instant-messaging systems with a holiday-themed virus.
The IM.GiftCom.All worm has made an appearance on several messaging networks, including America Online, Microsoft MSN, and Yahoo.
The worm attempts to dupe you into believing that a friend has sent you a link to a harmless file. If you click on the file, you see an image of Santa. While viewing it, the worm attempts to install a rootkit on your system.
Rootkits are frequently used to circumvent security software and give an attacker remote control of a machine. Once the attacker is inside your system, the worm harvests your instant-message contact lists for subsequent infections.
Not Surprising
The new worm is not surprising to many security researchers because holiday-themed threats often occur just as people are swapping online cards and forwarding holiday messages to each other.
The fact that the threat appears in instant-messaging systems also does not come as a shock, considering the phenomenal growth rate in the number of innovative new worms and viruses over the past year.
Since the start of 2005, messaging-related security threats have been growing each month, according to messaging-security firm IMlogic.
Track Down
"The difficulty is that worm developers are using tactics that have been successful in e-mail campaigns," said IMlogic chief technology officer Jon Sakoda. "They're able to mutate earlier worms and try different strategies, and that's giving them a level of sophistication."
Another problem is that users still are not fully aware that worms and viruses can move through messaging systems, Sakoda added.
In corporate environments, threats like the recent Santa Claus worm can be especially nasty because some employees use instant-messaging applications on the sly, without the knowledge of the I.T. staff.
"CIOs should definitely know what's on their network, and what users are doing," said Sakoda. "If they think employees aren't using instant messaging just because it's not allowed, then they better think again."