Instant messaging users under attack by recoded worm

Known as Palevo.DP, the worm appears to be a recode of the Palevo malware family, reworked for instant messaging (IM) channels.

Like many of the more successful worms of late, Palevo.DP takes a hybrid approach to its propagation, appearing in users' IM clients as a spammed message containing a smiley and a link to a supposedly interesting photo.

Unfortunately for anyone who clicks the URL, the link routes to a malware code loader, which then embeds itself in the user's Windows XP environment, opening up the possibility of further malware being loaded and complete remote takeover of the user's PC.

According to BitDefender, one of several ITsec vendors that detected the worm, having an unprotected system infected with Palevo.DP is a synonym for mayhem.

"First and foremost, the worm creates several hidden files in the Windows folder: mds.sys, mdt.sys, winbrd.jpg, infocard.exe and modifies some registry keys to point towards these files in order to annihilate the OS' firewall", the company reports.

The Palevo worm doesn't just infect other systems, as its payload is designed to intercept user credentials entered into most popular web browsers, which BitDefender says makes it risky for users accessing online banking or shopping sites.

Unconfirmed reports suggest that variants of the worm are also infecting users of filesharing services.

"We recommend users to be extremely cautious and to not click any suspicious links they receive via IM clients before checking with the links' sender to verify the validity of the websites to which these links point", said Catalin Cosoi, a senior researcher with BitDefender.

"The Palevo offensive is highly aggressive and during the very beginning of the outbreak we have witnessed rates of infection which easily exceeded 500 percent growth per hour for countries like Romania, Mongolia or Indonesia", he said.

BKIS, meanwhile, calls the worm Ymfocard.fam and classes it as a botnet, noting that, as it infects, it attaches itself to the Windows Firewall list, stops the Windows Update service, and configures itself to execute on each system reboot.
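A host triage check for the artifacts the two vendors describe, added here as an example and not code from the article, BitDefender or BKIS. The file names and the stopped Windows Update service come from the article; the registry paths (the XP firewall authorized-applications list and the Run keys) are assumed locations, since the article only says that "some registry keys" are modified.

```powershell
# Added triage script (not from the article or either vendor): checks a Windows host
# for the Palevo.DP / Ymfocard.fam artifacts the article names. Registry locations
# are assumptions; the article only says "some registry keys" were modified.
$windir = $env:SystemRoot
$suspectNames = @('mds.sys', 'mdt.sys', 'winbrd.jpg', 'infocard.exe')   # named in the article
$findings = @()

# 1. Hidden files dropped into the Windows folder
foreach ($name in $suspectNames) {
    $path = Join-Path $windir $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $hidden = ($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
        $findings += "File present: $path (hidden=$hidden, size=$($item.Length))"
    }
}

# 2. Windows Update service stopped or disabled (BKIS: the worm stops it)
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($wu -and $wu.Status -ne 'Running') {
    $findings += "Windows Update service (wuauserv) is $($wu.Status)"
}

# 3. Firewall authorized-applications list and Run keys referencing the dropped files
#    (assumed locations for an XP-era host; the article does not name the keys)
$regPaths = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($rp in $regPaths) {
    if (-not (Test-Path $rp)) { continue }
    $props = Get-ItemProperty -Path $rp
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata properties
        $text = "$($p.Name) $($p.Value)"
        foreach ($name in $suspectNames) {
            if ($text -like "*$name*") { $findings += "Registry reference: $rp :: $text" }
        }
    }
}

if ($findings.Count -eq 0) { 'No Palevo.DP indicators found' } else { $findings }
```

Run it from an elevated PowerShell prompt so the HKLM keys and hidden files in the Windows folder are readable; a hit on any of the three checks is a reason to image the host rather than clean it in place.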

"The nature of this attack is nothing new, because some worms already used this way of attack", said BKIS researchers in their security blog.

"However, it is always potentially dangerous to unwary users. Bad guys have integrated some phishing elements to trick users into clicking the link and then opening the downloaded file."
