ELM Bulletin- December 31, 2005
MSN Messenger Security Threat - Virkel
Users of Microsoft's instant messaging client, MSN Messenger, are being targeted by a new variant of the Virkel virus. This virus circulates by claiming to be a link to a leaked beta version of MSN Messenger 8. By installing the supposed beta the Virkel virus is installed and connects the infected computer to a "bot" (robot) network and giving hackers remote control access to the system.
The current newest version of Microsoft's MSN Messenger is 7.5; there is no newer version in currently in public beta testing. (For those of you who wonder, a beta version of a software package is a pre-release version of that software being circulated for testing and debugging purposes. In general it is neither necessary nor recommended to install beta software.)
This newest attack on Microsoft's MSN Messenger underscores a growing trend among hackers to use instant messenger, or "chat" software to distribute viruses and other malicious programs. With the increasingly acceptable use of instant messaging (IM) in the business environment IM has become a convenient method of bypassing network security protocols to allow the delivery and installation of malicious software on corporate computer systems.
As has been stated previously in these bulletins the best practice in defending computer systems is to be suspicious of all unsolicited promotions (software updates, free screensavers, etc.) and any offer that seems to be to-good-to-be-true (toolbars, browser enhancements, etc.).
If you would like more information on protecting your systems from external threats please contact us, we would be happy to discuss your concerns with you.
NOTE: In November's ELM Bulletin I referred to a security issue with music CDs distributed by Sony/BMG. Any computer system that was used to automatically play one of the infected CDs has had the rootkit installed and is now a security risk. Microsoft's Malicious Software Removal Tool address this issue by removing the rootkit. The tool is updated on the second Tuesday of each month and is included with Microsoft Update. It can also be found at the following website (ELM strongly recommends that Microsoft Update be configured to run automatically on all computer systems):
http://www.microsoft.com/security/malwareremove/default.mspx
A list of infected CDs can be found at this website:
As always, please do not hesitate to contact me if you have any questions about this or any other issue.
Past issues of the ELM Bulletin are available from our website, feel free to forward them to anyone you wish.
You have received this ELM Bulletin either by request or because you have given your contact information to an ELM employee. If you no longer wish to receive the ELM Bulletin, send us an email with "Remove Me" in the subject line and we will remove your email address from our distribution list.
Peter Rhebergen Telephone |
Websites & Publications Product Websites |
.jpg)
