Consumer

Security-Alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm!

A particularly malicious worm (a self-replicating computer virus) is currently trying to spread itself through many of the world’s largest instant messaging and social networks, including Windows Live Messenger 2009. We’re very serious about protecting our customers, and are pursuing multiple avenues to help stop its progress. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process.

Normally, when Messenger sees a web address in a conversation it is turned into a hyperlink which, when clicked, automatically opens in a web browser. This feature makes it very easy for the malicious worm to be unknowingly installed on your computer by clicking on the link and being sent to a web site containing the malicious software. We’re pursuing a number of activities to help protect you, working actively with industry experts and law enforcement to help stop this criminal activity.

Most notably, we’ve temporarily turned off active hyperlinks for web addresses sent in IM conversations using Windows Live Messenger 2009. You will still be able to copy a web address and paste it into a browser window if you know it to be safe, but by removing active hyperlinks from Messenger 2009, we’re taking a significant step towards stopping the unintentional spreading of this worm.

Because we’ve now blocked active links in Messenger 2009, starting today, some customers may also see a notification in the main Messenger window warning them that some features might not be available.

Messenger 2011 is not impacted in the same way, thanks to its Link Safety feature. However, we are actively monitoring the situation and investigating different approaches to help protect customers using the latest version of Messenger, should the situation change.

As always, we encourage customers to exercise caution with links to web pages that you receive in IMs, especially if the links are to a web page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a web page with harmful conteaqnt.

“If you think your computer may have already been infected by a malicious worm, check the , please visit the Source Security TechCenter on Microsoft TechNet, and then download and use the Source malicious software removal tool. For additional help with Messenger, check out the Source Messenger Solution Center

Source Windows Team Blog.