'Heartworm' Uses 'Hoax Cloaking' to Steal Information from Live Messenger Users
Published: September 27, 2006
by Alex Woodie
Security researchers issued warnings last week about a new worm called Heartworm that infects Microsoft's Windows Live Messenger instant messaging software with the goal of stealing users' personal data.
According to FaceTime Security, a Northern California provider of instant messaging security software, Heartworm sends users messages that direct them to a Web site. Once on the Web site, they're presented with an image of a heart with a poem in Portuguese. If the user clicks on that image, it installs files on their computer designed to steal personal information, as well as banking information, FaceTime says.
FaceTime says the malicious Web sites pointed to by the Heartworm worm are hosted on Russian servers. The elaborate ruse also involves hoax-debunking Web sites designed to encourage suspicious Web site visitors to click through.
"This is a form of cultural camouflage which we call 'hoax cloaking,'" says Wayne Porter, senior director of special research at FaceTime Security Labs. "It is a defensive construct that adopts the very lore, memes, myth, and culture of the Internet to serve as a self-preservation and cloaking mechanism. People using trusted search engines to verify the message will find most reputable security companies and hoax-debunking sites confirm it as a myth and disregard it as harmless."