Named W32.heartworm.a , the new IM worm sent to users of Microsoft Windows Live Messenger service with messages attached to a fake link is an electronic card (e-card).
FaceTime Security Labs warns that if users click on the link, they will be directed to a malicious website that can automatically install malicious code secretly on the user's system. The main function of malicious codes is to steal victims' information such as personal information or online bank account information.
New IM worms disguise as e-cards to steal information Picture 1 To complete your spectacular trick while avoiding all users' attention, the aforementioned malicious website will display in front of the user the image of a heart and a poem written in Portuguese. FaceTime's research experts say the site is hosted on a server that contains malicious websites and code. The image displayed on the website is intended to trick users into continuing to click and the links available on it. This means that users will have more malicious code.
The Heartworm worm is the one behind the IM Pipeline worm that specializes in attacking the instant messaging service AOL. Through a JPEG image, the worm installs a self-executing EXE file on the user's system and downloads additional rootkits and Trojans.
The explosion of the IM worm is the clearest evidence for the spammer and malicious code programmers looking for ways to reach the victim rather than using the traditional way via email, instead they now use the IM service path. This is also a testament to the trend of using email as a decoy to steal user information.
The Radicati Group estimates that there are about 995 million IM accounts in the world and this number will reach about 1.6 billion accounts by 2010.