Worm Prompts Temporary Shutdown of Reuters Messaging http://www.washingtonpost.com/ac2/wp-dyn/A54256-2005Apr14?language=printer Reuters Thursday, April 14, 2005; 6:30 PM
SEATTLE (Reuters) - Reuters Group Plc. has temporarily shut down a privately controlled instant messaging service after a computer worm affected some of the network's users, the media company said on Thursday. The worm, which exploits a vulnerability in Microsoft Corp.'s instant messaging software, was first detected on the Reuters network early on Thursday, and the company suspended the service five hours later, a spokesman for the London-based company said. The worm, known as W32/Kelvir-Re, was not designed specifically to target users of Reuters Messaging, an instant messaging service based on Microsoft's messenger technology, the company and a technology analyst said. Reuters offers the messaging service to financial clients along with its data and news services. There are more than 60,000 active users. Microsoft said it was working with Reuters to resolve the issue. "In order to protect users and to prevent Reuters from being used to propagate this worm, Reuters has temporarily suspended Reuters Messaging services," said Reuters spokesman Steve Naru. Naru did not say when services would be restored, but said Reuters was working to resolve the issue "as quickly as possible." The Kelvir worm and its variants have been identified as a threat to those using instant messaging services since the beginning of the year. Anti-virus companies already provide patches for the worm. The worm can jump between e-mail and messaging. It is designed to entice users into clicking a link that can activate the worm, which propagates by sending itself to all the names in an infected user's contacts list. Naru said that technicians were testing a filter that would prevent the spread of the Kelvir worm and would restore Reuters service as soon as that was complete. Corporate clients running anti-virus and firewall systems would have been protected from the worm, which only affected "a handful" of Reuters clients, Naru said. Although Reuters operates a closed network meant only for internal users and clients, the worm could have reached the network via -email, said Francis deSouza, chief executive of computer security provider IMLogic. "It just generated a flood of instant messages," deSouza said. "So it suddenly slowed down the network for legitimate traffic." You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
