Santa Claus instant messenger worm: features prevention removal protection fixes and solutions. Christmas trojan virus, IMlogic, software security

Santa Claus worm spreads across chat networks

The trojan downloads into your machine as you visit a Christmas website

BY OUR TECH CORRESPONDENT
21st December 2005

Santa Claus is coming to town, riding on a trojan horse! Users of instant messengers, beware! He is not here to spread any Christmas cheer, but rather a worm which goes by his name.

Computer networks across the world using instant messengers (IMs) like MSN, Yahoo, AOL and ICQ have reported the spread of a worm which has been christened the Santa Claus worm. If you are an ordinary IM user, a chat message from one of your chat buddies may pop on your screen, inviting you to visit a Santa Clause festive site. Click on the link, and you are done.

Clicking on the link opens a webpage, which looks like an ordinary Christmas website. Since the link was apparently sent by your friend, you don't suspect the site either. But in the background, the Santa website is maliciously downloading a "rootkit" file on to your computer, without your knowledge. Unlike conventional viruses which invade your computer when you download the file, here the website actively injects the worm into your computer, even as you naively watch the prancing reindeers.

Once it downloads into your machine, the Santa Claus worm deactivates the anti-virus programs running in your computer, and hides itself from detection. Rootkit files hide themselves, associated files and the related registry keys from being spotted. And once safely ensconced in your machine, it steals messenger data from your machine and sends out the devious invite from your MSN/Yahoo/AOL ID, adding yet another innocent buddy to the growing Santa Claus worm network.

IMlogic, a securty agency which detected the worm on Tuesday, has rated the worm as having 'medium' threat. Unlike many other worms and trojans, the Santa Claus worm does not erase critical files or damage the system. However, it installs stealth mechanisms in the computer and hijacks the messaging system.

Till now, the proven method of transmission of the Santa Clause worm is through the malicious website. But IMlogic says that the possibility of the worm spreading across chat sessions cannot be ruled out.

So, if you happen to be one of those hapless "buddies" misled to the Santa Claus fraud, alert others at the earliest - and save some Christmas cheer for them!

BY OUR TECH CORRESPONDENT