What Does Instant Messaging Worm Mean?
An instant messaging worm (IM worm) is self-replicating malicious code that spreads through an instant messaging network. These worms are similar to other computer worms, except that they spread through various IM networks by exploiting loopholes in the network. The IM worm infects a user’s account, locates the user’s IM contact list and tries to send itself to all the contacts on the list. IM worms do not require a vulnerable IP address to gain access to a user’s contact list.
Techopedia Explains Instant Messaging Worm
IM worms send out messages that appear to be from the people on the user’s contact list. These messages are often out of character, and contain external links to marketing websites. The infected user’s contacts may also receive similar email messages.
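The pattern described above, one account sending the same link to many contacts in quick succession, can be looked for in message logs. The following Python code is an added example, not part of the original article; the tab-separated log format, the account names, the example domains and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)

# Constructed sample log (assumed format): timestamp, sender, recipient, text.
SAMPLE_LOG = """\
2024-01-10T09:00:01\talice\tbob\tlunch at noon?
2024-01-10T09:05:10\tcarol\tdave\tlol look at this http://promo.example/pic
2024-01-10T09:05:11\tcarol\terin\tlol look at this http://promo.example/pic
2024-01-10T09:05:12\tcarol\tfrank\tlol look at this http://promo.example/pic
2024-01-10T09:05:13\tcarol\talice\tlol look at this http://promo.example/pic
2024-01-10T09:30:00\tbob\talice\tslides: https://intranet.example/deck
2024-01-10T11:45:00\tbob\tdave\tslides: https://intranet.example/deck
"""

def parse(log_text):
    """Yield (time, sender, recipient, url) for every link in the log."""
    for line in log_text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, sender, recipient, text = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        for url in URL_RE.findall(text):
            yield when, sender, recipient, url.rstrip(".,)")

def find_fanout(log_text, min_recipients=3, window=timedelta(seconds=60)):
    """Flag senders who push one URL to many distinct contacts within `window`."""
    events = defaultdict(list)
    for when, sender, recipient, url in parse(log_text):
        events[(sender, url)].append((when, recipient))
    alerts = []
    for (sender, url), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            recipients = {r for _, r in hits[start:end + 1]}
            if len(recipients) >= min_recipients:
                # Report the contacts seen when the threshold was first crossed.
                alerts.append((sender, url, sorted(recipients)))
                break
    return alerts
```

Calling `find_fanout(SAMPLE_LOG)` flags only `carol`; `bob` shares the same link twice, but with two recipients hours apart, which stays under both thresholds.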
Although the IM worm appeared in 2001, it was not considered a threat until late 2005. The first large IM worm outbreak was reported in the Netherlands and spread over MSN Messenger by means of a malformed WMF file called xmas-2006 FUNNY.jpg. During this time, IM worms were built for various reasons and were spread through popular public IM services such as MSN Messenger, Yahoo! Messenger, AOL Instant Messenger and ICQ.
The following are some examples of IM worms:
- The Choke worm attaches to MSN Messenger. When a user initiates an IM conversation with an infected host, the worm sends a text message along with an invitation to download a file, which turns out to be the worm file from the infected host.
- IM worms such as Sumom caused limited damage but attracted a lot of media attention.
- The SoFunny worm spreads as a file attachment using AOL Instant Messenger. It steals AIM login information, and emails the user ID and password to a designated address. It runs as a service process in Windows systems to hide from the Windows Task Manager.
Many hackers also created IM worms such as Bropia and Kelvir specifically for financial gain.
The IM worm has undergone drastic changes over the years in the way it is distributed, the complexity of the code used and the networks targeted.