Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Instant Messenger Virus Sweeps Net

Posted by ryuzaki0 on from the RISKs-of-homogeneous-computing dept.

Many people have reported a Warhol virus affecting users of Microsoft Instant Messenger. If you get messaged, "Go To http://www.masenko-media.net/cool.html NoW !!!", or any similar message (apparently there are several websites with the infection code), I suggest not following the link. A brief discussion follows.

Sequence: Get messaged "Go To http://www.masenko-media.net/cool.html NoW !!!" or something similar with another URL. Follow the link. That webpage contains malicious code which gets your messenger contacts and sends a similar message to your contacts. It looks like it uses a vulnerability in formmail.pl as well, although I'm not exactly sure how (I'm not an expert in ECMAscript, sorry, and I have no systems that could possibly be affected by this to test with). I'm sure some of our readers can provide more information in the comments below.

There appear to be several webpages which carried the infected code, not just masenko-media.net. Some webmasters are already taking them down.

Sophistication: moderate. Damage: only your pride.

Solution: probably the latest mega-patch for Internet Explorer will fix the Microsoft bug that allowed this.

Risks: obviously, the code could have done worse than just messaging your contacts. With Microsoft making "messaging" an integrated part of the operating system, any flaws in it can be exploited to affect millions of people instantly, so it is a high-value target. Does it have commensurate high-strength security?

27 of 400 comments (clear)

  1. this didn't infect me.. by Anonymous Coward · · Score: 2, Funny

    because I was using the linux version of Microsoft Messenger!

    1. Re:this didn't infect me.. by Anonymous Coward · · Score: 1, Funny

      Ok, so who here will write the best "your friend should update his insecure windows-system, so that you don't keep on getting this message"-version of this script? ;-)

  2. Well, that's one less effectual site for vectoring by Second_Derivative · · Score: 5, Funny

    If the entire population of slashdot accessing that site to point and laugh at the exploit code and how it doesnt affect them doesnt constitute a slashdotting, I dunno what does =) I already cant access it.

    Someone post more links to the other vector pages, if we can't get them down any other way we'll bum-rush em ;)

  3. in the eye of the beholder by rakerman · · Score: 3, Funny

    With a name like Warhol, obviously this isn't a virus, it's a form of art.

  4. ToO mAnY cApS!!!11 by Anonymous Coward · · Score: 5, Funny

    iF yOuR fRiEnDs SeNd YoU mEsSaGeS fOrMaTtEd LiKe ThIs, YoU nEeD tO fInD nEw FrIeNdS!!!11

  5. what's the url? by MathJMendl · · Score: 4, Funny

    What's the url for this virus? The link to "Go To http://www.masenko-media.net/cool.html NoW" wasn't clickable. Please fix this, /. admin!

    --


    "I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
    1. Re:what's the url? by Covant · · Score: 3, Funny

      I think your sarcasm font is broken...

      That reminds me, I wish MSN had tone markup's..
      they've got enough of those dumb smiley faces.

      --
      "Peace, Love and Apathy"
  6. Kinda funny.. by jfroot · · Score: 5, Funny

    I get this message from this girl I kindof like on MSN saying to go to this URL urgently. So I do (duh!). Turns out it is a porn site.. So I'm thinking what is this girl saying? Is she dropping some no so subtle hints? As I ponder this I get a MSN message from my mom asking me why I sent her a link to a porn site.. then I understood..

  7. Finally! by digitalcowboy · · Score: 5, Funny

    I've been reluctant to use the MS IM client because it didn't appear they had fully integrated it's virus abilities with all their other software. Now that it's part of a fully integrated Microsoft Virus Productivity Suite, I'm ready!

    Can anybody tell me where I can sign up for one of those Passport Universal Identifier and Cybercash Wallets and get the MS implant in my right hand or forehead?

  8. Microsoft Article Virus Sweeps Slashdot by guttentag · · Score: 3, Funny
    Four entries in the Microsoft topic in one day?
    1. Microsoft Instant Messenger Virus Sweeps Net
    2. What is .NET?
    3. States Demand Windows Source Code
    4. Details of MSFT's Antitrust Lobbying
    There were none yesterday, or the day before... the calm before the storm...
  9. It could be worse... by Cowculator · · Score: 4, Funny

    "Go To http://www.goatse.cx NoW !!!"

    Imagine if your friends suddenly knew not only that you were gullible enough to fall for a virus like that, but that you had seen that site...

  10. Oops by Eric+Damron · · Score: 3, Funny

    I just copied and pasted part of this story into an outlook email and sent it to our staff warning them of the problem. The address to the masenko-media site came out as a URL. I wonder how many users will click it?

    --
    The race isn't always to the swift... but that's the way to bet!
  11. Re:The solution... by DeathPenguin · · Score: 1, Funny

    >>Is the solution simply to not use Microsoft Messenger?

    No, but that's a good start.

  12. Month half over by 3ryon · · Score: 4, Funny

    I guess they will need the whole month to 'focus on security'. Good thing they budgeted so much time.

    --
    Kind thoughts do not change the world
  13. I hope that the virus writers... by Rune69 · · Score: 2, Funny

    ...are aware of the seriousness of their acts.
    Don't they know that virus making will soon be considered a hate crime?

    On another note, I wonder how many victims of the Warhol virus also caught this recent virus.

    --

    When faced with a problem, many web developers say "I know, I'll use JavaScript!".
    Now they have two problems.
  14. In related news by Metrollica · · Score: 4, Funny

    The "Don't Fucking Open Me!" virus is still spreading havoc.

    E-mail inboxes were flooded with messages this morning as a new virus quickly spread around the world. Dubbed "Don't Fucking Open Me" by anti-virus researchers, the infected e-mail follows a similar course to other viruses and replicates by sending itself out to everyone in the infected computer's Outlook and Outlook Express address book. The virus also contains two different payloads: one version formats the hard drive and displays the message "This is for your own good"; the other payload creates random Power Point presentations in the "My Documents" folder.

    Savvy users can spot the virus by its subject which is "Don't Fucking Open Me" or by the attachment which is entitled "Don't_Fucking_Open_Me.exe".

    "This virus tricks the user with an old psychological tactic called reverse psychology. Apparently the curiosity created by the message has been too much for thousands of users," said anti-virus researcher Bob Atibop. According to Atibop, this isn't the first time reverse psychology has been used. In 1998, the "Don't Pee on Your Keyboard" worm caused a flood of damage.

    Researchers have seen large infection among AOL users and middle managers, the two largest concentrations of naive and inept computer users.

    Claudia Hawkins who was infected by the virus said, "My son told me not to open attachments, but.... I mean my MOM sent it! What if she was hurt?!?"

    Another infected user too embarrassed to reveal his name said, "I thought that there was no way that this could be a virus. What kind of stupid idiot virus writer would put a dumb title on it like that? No one would ever open something that says not to open it. The virus would never spread defeating the whole purpose of it."

    Experts advise extreme caution when opening messages entitled "Don't Fucking Open Me" or "Click Here for Cash and Virus Infection".

    --



    --Metrollica
  15. People clicking on links... by Macrobat · · Score: 5, Funny
    True story:

    I just visited my friend's brother to pick up a used telescope. His brother's system is down because he clicked on a link in an email that said something like "pictures of me naked."

    When I told him that anything like that was obviously a worm or some kind of scam, he responded: "But it was from a girl who DOES send me pictures of herself naked!"

    Didn't know what to say to that.

    --
    "Hardly used" will not fetch you a better price for your brain.
    1. Re:People clicking on links... by roystgnr · · Score: 5, Funny

      Didn't know what to say to that.

      Well, duh. Two words:

      "Prove it!"

  16. The joys or irony... by wrinkledshirt · · Score: 2, Funny

    I hate Microsoft, but my favourite part isn't this story. My favourite part is the link directly under it.

    < What is .NET? | Linus Merges ALSA Into 2.5.4 >

    You gotcher answer, folks.

    --

    --------
    Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...

  17. Re:Well, that's one less effectual site for vector by Anonymous Coward · · Score: 1, Funny

    Woo.. You used organized, and OSDN in the same sentance! That's pretty funny stuff!

  18. Re:interesting article on the reg by sam_handelman · · Score: 5, Funny

    "this bug should not have been there" rants don't count as a solution

    You're artificially restricting the sphere of possible solutions to things that might help, which is intellectually honest. Shame on you.

    In ancient Sumeria, they used to execute architects when the buildings that they constructed collapsed. By the same token, we should kill some people.

    If we've learned one thing from the 20th century, it is that big government is inefficient. Therefore, the killings should be handled by the private sector.

    The proceedings against MS are criminal, in addition to civil. In a criminal proceeding, the judge is perfectly justified in issueing fatwas against MS programmers who write buggy code - this is a well established precept of Sharia.

    Thus, I've proven that the free market will take care of MS on it's own, punishing it for buggy programming - through highly paid mercenary assassins, with EULAs to kill.

    I want to test and see if anyone reads their EULAs. Distribute a piece of software with an EULA that says, about halfway through-
    "By installing this software, you agree to take up arms in defense of (company name), march to the fastness of her foe, and slaughter her enemies. Please register the software so that we can give you your orders."

    --
    The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
  19. Duhhhh... Why not... by Shuh · · Score: 5, Funny

    Why not add a Javascript ticker-tape display to Slashdot so we can just watch the M$ virii/security-holes flash by like so many stock market reports?

  20. cheap shot by MaxwellsSilverHammer · · Score: 2, Funny

    Was this before or after they investigated the code for security problems per the new order?

  21. Re:CAPITALS ARE GOOD by amanb · · Score: 5, Funny

    > I hate my COBOL! course

    Is that the Yahoo! version of COBOL?

  22. Re:Warhol? worm by interiot · · Score: 3, Funny

    Where's my "+1, Ironic" mod when I need it?

  23. Re:Not a Messenger flaw by Malcontent · · Score: 3, Funny

    "Install the patch and be done with it."

    On all 5000 desktops of your corporation.

    --

    War is necrophilia.

  24. Only the paranoid will survive... by jonr · · Score: 3, Funny

    Well, I tried the Register demostration page, and I only got this:
    "Sorry, there was an error in the script.
    This may well be due to your IE security settings - try resetting them to default and trying again.
    ..."
    IE6 is much better when it comes to security and privacy than IE5.