IM virus

I had some users passing around an IM virus today. I’m still trying to get a handle on what virus it was to make cleaning it easier.
The users sent “YAY!! http;//home.earthlink.net/~lzingelmann/IMG0099.com” to each other. I downloaded img0099.com and submitted it to Symantec (haven’t heard back yet) as well as VirusTotal. VirusTotal.com saw a few heuristic detections and one detection as a kelvir.
I see over at Harry’s blog that there is a new IM virus out today called virkel. That’s really not good. It does more than attempt to spread. It tries to download other updates and act as a bot. I tried to be the nice guy and let the user take the laptop home with them instead of taking it from them (with the caution that they not log into AIM). What a bad choice that was.
I’m still waiting on a useful IM security writeup. I may have to run this in a VM environment just to see what it does if the antivirus industry doesn’t get off their collective butts.
The funny part about this is some of the people who got infected were part of my Facetime evaluation. The version of Facetime that I am running did nothing to help this other than create a log trail for later cleanup. :(