A new worm is traveling through the MSN network, piggybacking on MSN Messenger and Windows Messenger IM client applications.
Called "Bropia.A," the worm sends a copy of itself to all contacts in MSN Messenger and Windows Messenger instant messaging client applications. It then downloads a Trojan horse program, Rbot, which opens a back door into Windows systems.
The Trojan horse application can then log the keystrokes of the user, collect system information, and spread spam (or "SPIM," as it is called) on instant messaging networks, security firms report. It also disables the right mouse button of the infected machine to block access to context-sensitive menus, and makes changes to Windows volume settings.
Targeting IM
Bropia.A is the latest indication that hackers and spammers no longer are content with spreading malware through e-mail. Akonix, one of the security firms that first sounded the alarm about Bropia, says spim is a growing concern for enterprises, even though its propagation is minuscule compared to spam.
"Unmanaged public instant messaging is quickly becoming one of the most easily exploitable threat vectors into the enterprise," said CEO Peter Shaw. "The Bropia.A worm is just the latest in a series of attacks that are targeting IM, and organizations are quickly realizing that connecting to public instant messaging networks without an IM security and management gateway in place is analogous to connecting to the Internet without a firewall."
Not So Funny
This is not the first time MSN Messenger has been targeted. Last October, the W32/Funner worm spread across the MSN Messenger network, sending users a message and attachment that, if opened, infected the machine by installing to its registry and then replicating itself. The Funner worm caused hardly any damage, since it was relatively easy to contain.
But few expect the situation to remain static. Most security and AV software providers believe that IM viruses -- like the viruses that have attempted to target mobile phones -- eventually will spread in the wild like e-mail worms do. The virus writers are quite aware that IM is the low-hanging fruit in terms of easy exploitation, Sophos security analyst Greg Mastoras tells NewsFactor, and thus they will try and try again.