AdWare or Worm?

Around the end of August we started to see the next logical step in the evolution of IM malware.

People were complaining about a new IM-Worm. The message the user receives is actually a link which, when clicked, takes the user to a site where a specific piece of IM-related software can be downloaded.

There is a single executable which is responsible for spreading these promotional links for this software site across the AOL, MSN and Yahoo instant messaging networks. You guessed it, the first AdWare which spreads via IM.

But it gives rise to a very interesting question: are we dealing with AdWare or with an IM-Worm?

The EULA for the IM-related software does explicitly state that this software will send messages to all contacts in the user’s IM client. Because of this, and the way in which the program spreads, it could be classified as AdWare. However, the executable file is designed purely to spread the site link, and it doesn’t warn the user of its behaviour.

We therefore decided to classify this file as an IM-Worm. We may see similar files in the future and these files might be classified differently because of the way in which they behave.

The company has now changed its policy, and is offering the IM-related software without this feature. Why, we don’t know. But there is nothing to stop other vendors picking up on this approach and using it to promote their products.
