Microsoft Instant Messenger Virus Sweeps Net

Many people have reported a Warhol virus affecting users of Microsoft Instant Messenger. If you get messaged, "Go To http://www.masenko-media.net/cool.html NoW !!!", or any similar message (apparently there are several websites with the infection code), I suggest not following the link. A brief discussion follows.

Sequence: Get messaged "Go To http://www.masenko-media.net/cool.html NoW !!!" or something similar with another URL. Follow the link. That webpage contains malicious code which gets your messenger contacts and sends a similar message to your contacts. It looks like it uses a vulnerability in formmail.pl as well, although I'm not exactly sure how (I'm not an expert in ECMAscript, sorry, and I have no systems that could possibly be affected by this to test with). I'm sure some of our readers can provide more information in the comments below.

There appear to be several webpages which carried the infected code, not just masenko-media.net. Some webmasters are already taking them down.

Sophistication: moderate. Damage: only your pride.

Solution: probably the latest mega-patch for Internet Explorer will fix the Microsoft bug that allowed this.

Risks: obviously, the code could have done worse than just messaging your contacts. With Microsoft making "messaging" an integrated part of the operating system, any flaws in it can be exploited to affect millions of people instantly, so it is a high-value target. Does it have commensurate high-strength security?

This is news?

[WheelDweller]

Isn't everything 'integrated' into Win9x prone to viruses? (Man, if we could only get these guys to write kernel code or GUI toolkits...)

Well, they'

[z00r]

Contrary to the Orwellian theme, it's clear that in the computer world, ignorance (which causes people to use Windows software) is a major liability.

Re:Gee...

[woodstok]

Actually if you read the EULA for windows nt it says that its not to be used at hospitals in life-preserving machines, nuclear plants and such. Not only did God forbid Microsoft, they actually listened :D

Microsoft and Viruses

[wazootyman]

I don't know what's worse. The fact that you guys can nitpick so much, or the fact that I take the time to read it. You do realize that if linux apps were as mainstream and easy to use as Microsoft products, they'd be exploited just as much, right? Oh wait, I forgot. Those programmers who make 6 figures at Microsoft are just script kiddies who can't code. I'm sure the typical open source programmer could blow any of them away. I'm sure...

Re:Not a Messenger flaw

[essdodson]

And in Linux news today, a patchset is now available to fix file system corruption introduced into the last patch... In other news lICQ has a known DoS, xchat's exploit has now been patched as well... Please download, build and reinstall, be sure to smile and act like your OS has no flaws while you're doing so.

Same thing, different OS, no better, perhaps even worse... MS now even pushes patches to you. Just wait until braindead users find Linux.

Javascript flame

[Sloppy]

I don't get it... why do people whine about this? Just disable Javascript. Everything worthwhile on the web will still work just fine; it'll just go faster and screw you less often. Javascript should be extinct by now: Everyone who uses it hates it, people who turn it off are happier (I have never seen those x10 pop-under ads that everyone talks about), and it doesn't do anything useful. It's all pain with no gain.

Web browsers shouldn't even include it anymore.