Worm Variant Shuts Down Reuters Instant Messaging

A new variant of the W32/Kelvir worm on Thursday forced Reuters to shut down its instant-messaging service.

The incident occurred at 9:11 a.m. Greenwich Mean Time and affected all Reuters messaging users. The news is particularly disturbing because Reuters fields what has been called a secure enterprise-class IM system used in financial markets. In such a fast-paced environment, even an outage of minutes is a big deal, said one IM expert. Reuters didn't say when it expected the service to be back up.

The news came just hours after America Online unveiled plans to open its network of millions of AOL Instant Messenger (AIM) and ICQ users to providers of four enterprise IM services. Reuters and AOL are already partners, although an AOL spokeswoman discounted fears that the problem at the U.K.-based news service had spread to AOL's public networks.

"As our previously announced federation with the Reuters messaging system is still in testing, and has not yet been deployed, we do not expect to see this virus spread to the AOL Messaging Network," the AOL spokeswoman said. "Nevertheless, we have taken our usual, very aggressive protective measures and are leveraging our federation gateway to protect our AOL, AIM, ICQ, Netscape and Apple iChat users."

The worm variant attempts to spread itself via messaging services and will send messages to contacts in a user's messaging list with a URL link to an infected Web site in an attempt to propagate itself, according to a Reuters spokeswoman. "To protect our customers and other users, and to prevent people using Reuters messaging from propagating the worm, we have temporarily suspended our IM service," she said.

Reuters is telling users to update their antivirus signatures and block access to the infected Web site.

Solution providers are bullish on IM for their own business communications use as well as for setting up a secure infrastructure for their customers. Many VARs are turning to third-party providers such as IMLogic and Facetime Communications to bolster IM security for customers. IMLogic, for example, relies on a system of worldwide honey pots to detect IM viruses before they hit customer sites.

"We issue updates to our customers, much as Brightmail does in the e-mail/spam world," said Francis deSouza, CEO of IMLogic, Waltham, Mass.

Virus writers have done their homework, deSouza said. "They realize people are 10 times more likely to click on a URL in an IM from an apparent buddy than in an e-mail," he noted.

As IM becomes more integral to work and social life, it's also becoming more of a targeted. Last month, for example, a succession of worms targeted Microsoft's IM network.