A worm running through Microsoft's instant-message network is dropping spyware bots onto compromised Windows PCs using new multilanguage smarts, security vendors said Thursday.
A worm running through Microsoft's instant message (IM) network is dropping spyware bots onto compromised Windows PCs using new multi-language smarts, security vendors said Thursday.
Although the Kelvir.hi worm is not an extremely high-level risk -- Symantec, for example, lists it as a "2" in its 1 through 5 ranking -- it takes a unique tack to language, for it speaks in tongues.
Ten to be exact.
Kelvir.hi, which spreads via Microsoft's MSN IM network, checks for the system's default language, then periodically blasts out messages in that language to contacts hijacked from the victim's machine. If Dutch is the default language, for instance, the message reads "lol ik heb je foto gevonden;" if English, "haha i found your picture!"
The message may also contain a link to the worm; if the recipient clicks on the link, his machine's infected.
Kelvir.hi also drops a copy of Spybot onto the PC; this spyware-style bot hides in the background and listens for commands transmitted by the attacker. Those commands can tell the bot to scan for specific files, download or upload files, steal passwords, or even log all keystrokes.
Other languages detected and used by Kelvir.hi include French, German, Greek, Italian, Portuguese, Swedish, Spanish, and Turkish.
Most anti-virus vendors have already updated their definition files to detect and delete Kelvir.hi.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.