Microsoft has made available for download the beta milestone of the upcoming version of Windows Live Messenger at the end of the past week. But as the download for the Windows Live Messenger 8.5 Beta for Windows XP SP2 and Windows Vista went live, security company Symantec warned of the spreading of two fresh new instant messaging worms targeting Microsoft's IM client.

W32.Posse and W32.Mubla spread via Windows Live Messenger with the help of a little social engineering and previously infected computers. Users should keep away from unsolicited messages coming from the friends in their Messenger list using "photos" and "boobs" as incentives. Symantec warned that the worms spread via the following messages "Here are my private pictures for you", "Here are my pictures from my vacation", "My friend took nice photos of me. you Should see em loL", "its only my photos","Nice new photos of me and my friends and stuff and when I was young lol", "Nice new photos of me!! :p" and "Check out my sexy boobs :D."

According to the Cupertino-based security company, the two worms will infect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. However, Symantec made no mention that Windows Vista is affected by either W32.Posse or W32.Mubla.

"Although the default language that the worm uses is English, before deciding whether to use English messages the worm first checks the locale of the infected computer. It then randomly chooses one of the following messages depending on that locale," revealed Liam Omurchu, Symantec Security Response Engineer.

In addition to English, the W32.Mubla worm will also send out messages in Spanish, German, Dutch, Italian, and French. "After sending one of the above messages to your online contacts the worm then prompts the contact to receive the photos mentioned from the infected machine using the filename photosalbum-2007-5-26.scr. Of course there are no photos involved - a copy of the worm is delivered instead. Apart from sending a copy of itself to all of your contacts the worm also connects to an IRC server to both report the infection and to receive further commands. The worm has the ability to download and execute more files, initiate a DoS attack and steal stored passwords from the infected machine amongst others," Omurchu revealed.