The London-based international media company decided to take its Reuters Messaging IM system completely offline after noticing the attack on its network earlier on Thursday, a Reuters representative said.
The new variant attempted to spread by sending fake IM messages to people in contact lists on infected systems, a technique used by earlier Kelvir strains. The messages, crafted to look exactly like legitimate IM correspondence, attempted to lure people to a Web site where their computers would be infected with Kelvir, the representative said.
"In order to protect our customers and other users, and to prevent RM from being used to propagate this worm, Reuters has temporarily suspended the RM service and is working to resolve this matter," the company said in a statement. It has not reported any incidents of users being infected by the attack.
Unlike the free IM software marketed by rivals America Online, Microsoft and Yahoo, Reuters Messaging was created as a corporate tool, closed off from public subscribers and for internal company use only. But in recent years, the company has moved to connect its users with those networks. In 2003, Reuters signed deals with both AOL and Microsoft's MSN unit to allow users of its IM software to link to those services.
Technical workers at Reuters said they believe the new Kelvir attack could also target other IM systems. No other companies marketing messaging software had reported as of midday Thursday.
In a recent report on the growing threat of IM-borne viruses, the IMlogic Threat Center -- an industry consortium led by security software maker IMlogic -- indicated that Kelvir was among the three most frequently detected IM infections at work places, along with the Bropia and Serflog worms. The group also reported that it has seen multiple incidents of IM phishing and identity theft recently reported on IM networks.
At the moment, Reuters has no timetable for bringing the IM system back online, the company said. Representatives said it wants to make sure the issue has been completely remedied before allowing users to begin using the software again.
