Be careful of the Christmas worm

I just noticed this on one of the newswires.  There’s a worm propagating around the Instant Messaging services pretending to redirect you to a Xmas site.  Here’s what IMLogic have to say about it:

This worm broadcasts a URL out over IM clients which downloads an executable file, often named gift.com. When this file is executed, it hides itself and scans the registry, file system, and internet cache. By operating as a rootkit, the process is hidden from all tools and anti-virus software. It also attempts to shut down anti-virus software and makes several networking calls. Also it does keystroke logging and may attempt to propagate itself over IM clients.

So warn your users not to click on any message containing a URL from one of their buddies without confirming that this is valid.  Of course, (shameless plug here) If you were running Live Communications Server 2005 SP1 and Office Communicator in your business environment then URL propagation is disabled by default…

Wow – that was easy – I could get a job in marketing!… Only joking Allister...