Funner Worm Spreads to US

Security companies have identified a new worm spreading through Microsoft’s instant messaging platform.

The worm, known as the Funner worm, originated in Asia but is quickly spreading to the U.S., according to instant messaging security firm IMLogic.

The worm has only been spotted to date on the Microsoft IM platform, MSN Messenger. However, Microsoft said that it is not related to an outage of that service, which was unavailable for some time yesterday, according to a company spokesperson. The company said a problem with scheduled maintenance appears to be the cause of the downtime.

Security firm McAfee said the risk to both home and corporate users is “low,” while Symantec antivirus termed the worm a “nuisance.”

Symantec said when an infected link in a message is clicked, the worm attempts to download code from remote sites, to redirect users to certain Web sites and to send a version of itself to everyone in an IM user’s contact list as well. The firm reported fewer than 50 infections of the worm in the U.S. as of midday today.

Tip of the Iceberg?

Still, while the current worm’s threat was being downplayed, security firms were quick to add that a sophisticated blended threat sent through IM could pose significant security risks.

Sophos antivirus consultant Graham Cluley said that, like a much earlier version of the FunnyFile worm first spotted more than two years ago, the current worm is not an urgent threat but does serve as a reminder that instant messaging platforms represent a potential backdoor into enterprises that staunchly guard their e-mail gateways.

“Companies may spend enormous resources to guard against e-mail borne worms, but if their employees are downloading and using IM, there can be an entirely new threat they’re not prepared for,” Cluley said.

Fair Warning

Cluley and other security experts say the arrival of the Funner worm and the strong likelihood that more powerful copycat versions will follow are good reasons to draft and enforce policies against unauthorized downloading and use of IM products except those sanctioned by a corporation or network administrator.

Ken Dunham, director of malicious code at iDefense, said IM worms have been a growing area of concern, even though no devastating threat has yet emerged.

“We have more and more people using it and we also have increased interoperability, which raises the risk of a single worm infecting different platforms,” Dunham told the E-Commerce Times. “The greatest threat would be if someone put together an all-in-one virus that works in all IMs or targeted one of the most popular with a powerful code.”

Dunham said that from a social engineering perspective, IM has the potential to spread network worms or other malicious code even more effectively, because of its instant nature. “It pops up as a message from a trusted friend and you might tend to be more inclined to follow a link to a Web site,” he said.

“We haven’t seen anything terrible yet, but there is certainly potential in the IM world,” Dunham added.

1 Comment

  • It’s a little more dangerous than that. The program seems to have a built-in response to Norton Anti-virus. I unfortunately acquired this worm via MSNMS, which Norton did not recognize right away. It only later tried to quarantine/delete it, which it failed to do. I tried to reboot the computer into safe-mode to get rid of it manually; the computer (HP running WinXP) refused to log-on (auto-logs-off). It also seems to have set up a new pw for administrator when I wanted to use WinXP’s CD repair feature. Currently I took out the hard drive and made it a slave drive and am now trying to remove the virus using Sophos.
    I definitely would consider the damage value a bit higher than medium. >:-(
