Warning of a new IM Worm

"'A new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks, a security firm warned Tuesday, and when recipients visit the bogus site, they're infected with a file hidden from sight by a rootkit.

IMlogic said that the worm, dubbed 'M.GiftCom.All,' is circulating on the MSN, AOL, ICQ, and Yahoo instant messaging services, is a 'Medium' threat, a relatively rare classification for the Waltham, Mass.-based company. Most IM worms and Trojans listed on its Threat Center receive only a 'Low' classification.

Like virtually all IM worms, M.GiftCom.All includes a URL in messages it spams out to contacts hijacked from previously-infected PCs. When users visit that site -- which is billed as a harmless Santa site -- a file is automatically downloaded to their computers. The file, usually named 'gift.com' includes rootkit elements that cloaks it from security software.

In addition, the downloaded executable tries to disable a number of anti-virus programs, adds a keylogger to the system to capture confidential information, and then spreads to others by snatching names from the user's IM client contact list.'"