“Santa Worm” Installs Rootkit Payload
An Instant Messaging (IM) worm is attacking AOL, MSN, Windows Messenger, ICQ and Yahoo instant messaging networks. The worm installs a rootkit as it’s “payload.”
“The worm, identified as IM.GiftCom.All, was discovered by researchers at IMLogic Inc.’s Threat Center spreading via IM and attempting to trick users into clicking on a malicious URL.
The link lures the target into visiting a harmless Santa Claus Web site, but actually installs a rootkit payload to the victim’s machine, IMLogic said in an advisory.
‘The rootkit payload is often named gift.com and when executed hides itself on the user’s system, attempts to shutdown desktop anti-virus software and starts collecting the infected user’s information for broadcast over the Internet,’ the company explained.”