Worm burrows to heart of Windows Live
Woos with Portuguese poetry.
By Cara Garretson, Network World | Published: 16:59, 26 September 2006
The latest worm to infect instant-messaging networks is aptly named Heartworm.
The worm, actually called W32.heartworm.a, affects users of Microsoft’s Windows Live Messenger service (formerly MSN Messenger), presenting users with a link to a Web site that tells them a virtual greeting card is waiting for them, according to FaceTime Security Labs, a division of IM management and security company FaceTime Communications.
That link brings unsuspecting users to an image of a heart with a poem written in Portuguese, which secretly installs files on the user’s PC that record personal and financial information.
According to FaceTime researchers, who wrote about Heartworm in a September 22 blog posting, the heart-shaped message appears to be hosted on a site dedicated to exposing online hoaxes, perhaps in an attempt to encourage visitors to click through.
Heartworm follows quickly on the heels of another worm called Pipeline, which secretly delivers an executable file disguised as a JPEG that then installs rootkits and Trojans on systems running AOL's Instant Messenger service.
These and other IM worms that have emerged of late show that spammers and malware writers are looking beyond e-mail for ways to get their messages across and spread their exploits.