[ISN] Reuters shuts down system to fight Kelvir IM worm

InfoSec News isn at c4i.org
Mon Apr 18 06:03:17 EDT 2005


By Laura Rohde
IDG News Service

Reuters Group was able to bring its instant messaging system back
online early Friday morning, after an outbreak of the Kelvir worm led
the company to shut down the system for most of Thursday.

The London news and information provider detected the external worm on
its network coming though a customer Internet portal mid-morning on
Thursday and took the system down as a precaution, according to
Reuters spokesman Johnny Weir. After insuring there were proper
filters in place, the IM system was made operational again at 7 a.m.  
local time Friday, he said.

The Kelvir worm is designed to use Microsoft’s IM software as a means
for disseminating malicious code. The variant that hit Reuters,
W32/Kelvir-Re, was not unique to their IM system, called Reuters
Messaging, Weir said.

No incidents of users being infected by the attack have been reported
and Reuters' other services continued operating as normal, Weir said.

Reuters has its own IM application for the financial services industry
which it developed to be interoperable with Microsoft's MSN Messenger.  
Reuters' IM system also works with AIM software from AOL. According to
Weir, the problem only affected users on the Reuters system.

The Kelvir worm spreads by sending messages through the IM system to
all of an infected user's contacts, encouraging the recipients to
visit a Web page to download a file. New versions of both the Kelvir
and Bropia worms have been actively attacking systems this year,
especially within corporations, according to anti-virus software
company Sophos.

Reuters has increasingly been connecting customers to its IM system
and there are currently more than 60,000 active users, according to

More information about the ISN mailing list