AdWare or Worm?

Around the end of August we started to see the next logical step in the evolution of IM malware.

People were complaining about a new IM-Worm. The message which the user receives is actually a link, which when clicked takes the user to a site where a specific piece of IM related software can be downloaded.

There is a single executable which is responsible for spreading these promotional links for this software site across the AOL, MSN and Yahoo instant messaging networks. You guessed it, the first AdWare which spreads via IM.

But it gives rise to a very interesting question: are we dealing with AdWare or with an IM-Worm?

The EULA for the IM related software does explicitly state that this software will send messages to all contacts in the user’s IM client. Because of this, and the way in which the program spreads, it could be classified as AdWare. However, the executable file is designed purely to spread the site link, and it doesn’t warn the user of its behaviour.

We therefore decided to classify this file as an IM-Worm. We may see similar files in the future and these files might be classified differently because of the way in which they behave.

The company has now changed its policy, and is offering the IM related software without this feature. Why, we don’t know. But there is nothing to stop other vendors picking up on this approach and using it to promote their products.

AdWare or Worm?

Your email address will not be published. Required fields are marked *



Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Subscribe to our weekly e-mails

The hottest research right in your inbox