# W32.Kelvir.A



## tetonbob (Jan 10, 2005)

New one out there, and a new variant... coming through an attachment in IM.

Symantec link 

Story link at Tech Republic from which I quote a small bit:



> Researchers at both Aladdin Knowledge Systems and F-Secure discovered the appearance of Win32.Kelvir.a, a new twist on the previously identified Kelvir threat. Each company also identified a new worm in the wild; Aladdin is calling it Win32.Serflog.a, while F-Secure is calling the same threat Sumom. Aladdin is rating both Win32.Kelvir.a and Win32.Serflog.a as medium-to-high risks.....
> 
> According to Aladdin, Win32.Kelvir.a spreads via a URL sent in an IM that contains an infected file. After clicking on the link, a person's computer becomes infected by the worm. When the program is executed it attempts to drop multiple copies of itself onto the person's PC. The worm also executes itself with every subsequent startup of the IM software by modifying registry entries, and it forwards itself to all of an individual's IM contacts. The threat presents itself hidden in a message that reads "omg this is funny!", followed by the URL.
> 
> Aladdin said that Win32.Serflog.a, or Sumom, presents itself as an attachment in an instant message. The worm attempts to spread by dropping copies of itself into folders typically shared by peer-to-peer software clients. The infected message reads "????omg click this!", followed by an attachment that harbors the worm. The company said Win32.Serflog.a also drops several hidden files into infected machines and attempts to cancel security functions of Messenger, while blocking access to several related Web sites.



:upset:


----------

