A new worm spreading over IM networks is the first to check system settings in order to send a message in the appropriate language. The Kelvir-HI instant messaging worm is spreading over MSN Messenger's network, albeit modestly. IM security specialist Akonix classifies it as a low-risk threat.

The worm works by downloading a copy of the previous Spybot worm and tracking down the default language of a user, sending a message in either English, Spanish, Dutch, French, German, Greek, Swedish, Italian, Portuguese or Turkish. Once users click on the link in the message, a copy of the Spybot worm is automatically downloaded. Spybot is a backdoor program with backdoor functionality that surrenders control of compromised machines to hackers. ®

Related stories

• Polyglot worm spreads over MSN (23 January 2008)
• Warezov worm fiends target Skype (28 February 2007)
• Hackers control bot client over P2P (2 May 2006)
• Symantec acquires IMlogic (4 January 2006)
• Virus poses as MSN Messenger 8 (28 December 2005)
• SDBot raises IM security concerns (2 November 2005)
• MessageLabs nabs Omnipod for IM security (2 November 2005)
• AOL IM worm roots around Windows PCs (31 October 2005)
• IM worm hits Reuters (15 April 2005)
• MSN Messenger worm seeds zombie networks (4 February 2005)
• Bofra exploit tied to 'massive botnet' (22 November 2004)
• Botched maintenance - not worm - blamed for MS IM glitch (12 October 2004)