Worm found in Apple

10 Aug 2006

Malware writers have developed instant message (IM) worms capable of attacking all major IM networks, according to Kaspersky Lab, a major anti-virus company.

The company predicts that the industry will witness a rise in IM worms which can spread via multiple IM networks, triggering the demise of traditional IM worms, such as Bropia, Kelvia and Prex, which spread via single IM networks, such as MSN.

IM worms such as IRCBot.lo, discovered by Kaspersky in January, will represent the greatest IM threat as they can spread to a large number of networks and can use variable messages and download links.

“In most cases an IM worm should not be viewed as a stand-alone piece of malware but rather as a slave which is used to help the IRCBot spread,” said Roel Schouwenberg, senior research engineer, Kaspersky Lab. “The appearance of IRCBot.lo, which represents the ultimate in IM worm functionality, demonstrates that IM is an infection vector which has not yet been exhausted.

“The worrying thing about IM worms like IRCBot.lo is the code that is used to write them can be easily copied, potentially resulting in a significant increase in IRCBots which can spread links across all major IM networks. It therefore seems likely that we may start to see reports of other IM networks being increasingly targeted in the future,” he said.

Macs are also at risk from IM worms. On February 13 2006, the first worm for Mac OS X was discovered: an IM worm named OSX/Leap.A that spreads via Apple’s IM application iChat.

“Apple’s small share of the global PC market has until now protected Macs from the unwanted attention of malware authors,” said Schouwenberg. “However, as Apple systems become more popular, this will change.”

By Niall Byrne