“Santa Worm” Installs Rootkit Payload

An Instant Messaging (IM) worm is attacking AOL, MSN, Windows Messenger, ICQ and Yahoo instant messaging networks. The worm installs a rootkit as it’s “payload.”

Santa Worm Installs Rootkit

“The worm, identified as IM.GiftCom.All, was discovered by researchers at IMLogic Inc.’s Threat Center spreading via IM and attempting to trick users into clicking on a malicious URL.

The link lures the target into visiting a harmless Santa Claus Web site, but actually installs a rootkit payload to the victim’s machine, IMLogic said in an advisory.

‘The rootkit payload is often named gift.com and when executed hides itself on the user’s system, attempts to shutdown desktop anti-virus software and starts collecting the infected user’s information for broadcast over the Internet,’ the company explained.”

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.