Date: December 31, 2005
Subject: MSN Messenger Security Threat - Virkel

Users of Microsoft's instant messaging client, MSN Messenger, are being targeted by a new variant of the Virkel virus. This virus circulates by claiming to be a link to a leaked beta version of MSN Messenger 8. By installing the supposed beta the Virkel virus is installed and connects the infected computer to a "bot" (robot) network and giving hackers remote control access to the system.

The current newest version of Microsoft's MSN Messenger is 7.5; there is no newer version in currently in public beta testing. (For those of you who wonder, a beta version of a software package is a pre-release version of that software being circulated for testing and debugging purposes. In general it is neither necessary nor recommended to install beta software.)

This newest attack on Microsoft's MSN Messenger underscores a growing trend among hackers to use instant messenger, or "chat" software to distribute viruses and other malicious programs. With the increasingly acceptable use of instant messaging (IM) in the business environment IM has become a convenient method of bypassing network security protocols to allow the delivery and installation of malicious software on corporate computer systems.

As has been stated previously in these bulletins the best practice in defending computer systems is to be suspicious of all unsolicited promotions (software updates, free screensavers, etc.) and any offer that seems to be to-good-to-be-true (toolbars, browser enhancements, etc.).

If you would like more information on protecting your systems from external threats please contact us, we would be happy to discuss your concerns with you.

NOTE: In November's ELM Bulletin I referred to a security issue with music CDs distributed by Sony/BMG. Any computer system that was used to automatically play one of the infected CDs has had the rootkit installed and is now a security risk. Microsoft's Malicious Software Removal Tool address this issue by removing the rootkit. The tool is updated on the second Tuesday of each month and is included with Microsoft Update. It can also be found at the following website (ELM strongly recommends that Microsoft Update be configured to run automatically on all computer systems):

http://www.microsoft.com/security/malwareremove/default.mspx

A list of infected CDs can be found at this website:

http://www.sunncomm.com/support/faq/releases.asp

As always, please contact me if you have any questions about this or any other computer issue.

Previous issues of the ELM Bulletin are available from our website.

Please feel free to forward these bulletins to anyone you wish. If you no longer wish to receive these bulletins, or if you received this bulletin by mistake please send me an email with "Please remove me" in the subject line and I will take your name off of the bulletin mailing list.