New Global Epidemic ICQ Worm Harvests Financial Info

posted on February 25, 2004
by hitbsecnews

A new worm is targeting users of the ICQ instant messenger by tricking them into clicking on links delivered via IM, security experts said Tuesday.
About 50,000 machines have been infected with the Bizex worm, said Moscow-based Kaspersky Labs. The security firm called the outbreak the first global epidemic among ICQ users.

Invitations to a malicious site lead ICQ users to the jokeworld.biz Web site, where vulnerabilities in both Internet Explorer and Windows are used by the hacker to download the worm and launch it on the compromised machine. Bizex spreads by hijacking ICQ contacts from the infected machine, then sending IMs with the link to jokeworld to all those contacts.

Bizex includes a range of payloads, said Kaspersky, including one which harvests information it finds on the infected machine related to payment systems from Wells Fargo, American Express UK, Lloyds, Barclaycard, Credit Lyonnais, and E*TRADE. Any financial information Bizex uncovers is then transmitted to a remote, anonymous server.

Additionally, Bizex includes a keylogger component that intercepts data transmitted via HTTPS (the encrypted version of HTTP), typically used to move financial transactions, such as those between a user and his bank. This data is also sent to the remote server.

“This is a bare-faced attempt to make money,” said Eugene Kaspersky, who heads the anti-virus research at Kaspersky, in an e-mailed statement. “The new method of penetration, the fact that ICQ has not been used for such an attack before, and the wide range of spy functions means this combination is sure to reap huge profits for the author of Bizex.”
