The Santa Claus worm

A computer geek friend of mine, who never sends out false alarms, sent me an advisory today about a new kind of internet worm, which can attack you via your instant messaging programs. His explanation is kind of long, so you’ll find it in the extended entry below.

My friend, the computer geek’s warning:

You need to be extra careful while using your messenger today and from now on I imagine. There was a new type of worm that embeds in a simple image file that began appearing last night.

The Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to Windows NT/XP computers. It’s called the IM.GiftCom.All worm, and it attempts to dupe you into thinking an acquaintance has sent you a link to a harmless Santa Claus file, according to a security advisory issued yesterday by IMlogic.

People who click on the file will see an image of Santa, but what they are less likely to notice is a rootkit being installed onto their system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial attack (read: anti-virus and firewalls are useless). The worm then distributes messages to the user’s IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.

After some poking around of my own, the infected PCs become members of a botnet controlled on an ircd server in Finland, which are co-ordinating DDoS attacks against British and American corporate networks for the purpose of extorting money from the companies.

Short version: IM from friend... cute picture of Santa... PC no longer yours... rootkits cannot be removed... reformat, trusting no data after infection.

That means any data on the PC must be wiped: pictures, music... everything. You cannot back up after a rootkit’s been installed. Case in point on backing up frequently.

BSD, Linux and OSX (the X in OSX means Unix ;) ) users are not affected, obviously, for any of you using those OSes.

Be careful guys. Here’s to hoping Santa doesn’t visit you.