ADVISORY/IMlogic Threat Center reports W32/Kelvir-Re impacting Reuters Messaging network; offers immediate guidelines for protection.Please replace the release from April 14, 2005 with the following corrected version. The corrected release reads: ADVISORY/IMLOGIC THREAT CENTER REPORTS W32/KELVIR-RE DETECTED ON REUTERS MESSAGING Reuters Messaging (RM) is an instant messaging and presence collaboration service, first released by Reuters in October of 2002. It is marketed toward the financial services industry. The most recent version is Reuters Messaging 6.0. Features Reuters Messaging 6. NETWORK; OFFERS IMMEDIATE GUIDELINES FOR PROTECTION WHAT: Industry leader IMlogic is warning customers that a variant of the W32/Kelvir-Re worm has been detected on the Reuters Messaging network. The worm distributes instant messages containing a URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. link pointing to a Web site which may contain infected software. In an effort to protect its customers and prevent Reuters Messaging from being used to propagate this worm, Reuters has temporarily suspended its Reuters Messaging service. The Kelvir-Re worm is a variant that has targeted MSN (1) (MicroSoft Network) A family of Internet-based services from Microsoft, which includes a search engine, e-mail (Hotmail), instant messaging (Windows Live Messaging) and a general-purpose portal with news, information and shopping (MSN Directory). and Windows Messenger The instant messaging (IM) client in Windows XP. Windows Messenger is the XP counterpart to MSN Messenger, both of which have been upgraded to Windows Live Messenger. Organizations can use the instant messaging capabilities in Microsoft Exchange to set up a private IM system. clients, but has previously not bridged to the tightly controlled network of Reuters messaging. The worm is intended to convince users to download an executable program See executable code. using social engineering techniques. The worm sends users a benign message (such as "is it you?"). Users who click the link will have their Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. open and redirected to the infected Web site. Once there, the Web site will try to download the infecting software. If the user chooses to download and run the software then they become infected. Once executed, this worm will send similar IM messages to the online contacts of an infected user's contacts list. A list of malicious URLs associated with W32/Kelvir-Re is provided by the IMlogic Threat Center. Customers using security products such as IMlogic IM Manager(TM) to securely protect and filter IM messages would not be affected by this worm/virus. Customers that run firewall security software that prevents downloading malicious executables are also protected. All customers are advised to ensure their Anti-Virus software anti-virus software n → Antivirensoftware f is up to date. Reuters recommends that customers block the infected Web site "hydr0.net" and that end-users not open suspicious executable programs downloaded from the Internet. To learn more about the W32/Kelvir-Re worm visit the IMlogic IM and P2P See peer-to-peer and point-to-point. Threat Center at: http://www.imlogic.com/im_threat_center/index.asp. For companies not currently using IMlogic's IM Manager to securely protect and filter IM messages, a free downloadable product released from IMlogic - IMlogic IM Detector Pro - can be used to immediately block IM traffic and stop the potential for spreading this worm. Companies can download IM Detector Pro at no cost directly from IMlogic's Web site at www.imlogic.com/imdetectorpro. A helpful install wizard simplifies the process and guides users through each step. MORE INFO: Learn more at IMlogic's Threat Center: http://www.imlogic.com/im_threat_center/index.asp. Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. IMlogic, IMlogic products and IMlogic IM Manager are trademarks of IMlogic Corporation and/or affiliated companies Affiliated Companies A situation that occurs when one company owns a minority interest (less than 50%) in another company. Also refers to companies that are related to each other in some way. Notes: An affiliated company is sometimes referred to as a subsidiary. in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion