Slashdot Mirror

← Back to Stories (view on slashdot.org)

New IM Worm On The Loose

Posted by CmdrTaco on from the head-for-the-hills dept.

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

39 of 407 comments (clear)

  1. Another reason to move to GAIM by JosephusTX · · Score: 2, Funny

    Had to be the first - I enjoyed the Screen Savers segment!

    1. Re:Another reason to move to GAIM by Lehk228 · · Score: 2, Funny

      damn, i knew they should have left the gaim file xfer broken

      --
      Snowden and Manning are heroes.
    2. Re:Another reason to move to GAIM by RLiegh · · Score: 4, Funny

      and you forgot poland, as well.

    3. Re:Another reason to move to GAIM by jobeus · · Score: 2, Funny

      No, I bet he was talking about http://www.youforgotpoland.com/.

    4. Re:Another reason to move to GAIM by ATMAvatar · · Score: 4, Funny

      Why switch to GAIM? If you were using the regular MSN client, you'd be up quite a bunch of money - 400+ chinese porn sites times $240

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    5. Re:Another reason to move to GAIM by BlackHawk-666 · · Score: 2, Funny
      Furthermore, only a handful of viruses manage to run under WINE, as viruses can do some tricky stuff.

      The WINE team are working hard every day to improve their compatibility with modern Windows viruses for the Windows enthusiast who insists *all* of their software runs.

      --
      All those moments will be lost in time, like tears in rain.
  2. it finds porn? by Anonymous Coward · · Score: 5, Funny

    How is this a bad thing?

    1. Re:it finds porn? by strider44 · · Score: 2, Funny

      Too late

  3. This will be successful..... by bob65 · · Score: 3, Funny
    Because we all know everyone executes a file called "funny.exe" without thinking.

    Geez, who cares. If a dumbass like me thinks that would be ridiculous, I'm sure everyone else in the world would think so too.

    1. Re:This will be successful..... by HermanAB · · Score: 5, Funny

      No, worm.exe won't spread nearly as fast as virus.exe...

      --
      Oh well, what the hell...
    2. Re:This will be successful..... by elhedran · · Score: 3, Funny

      When I heard about it, first thing I thought was "Hey, at last a practical use for those Turing test AI's"

      virus: hey its [nick gotten of settings] here, you gotta check this out.
      * virus sends file
      bob: did you check it for virus
      (match word virus) virus: yeah, I checked it out, its safe.

      Also could check for 'is it...you', various 'bye's, etc. Actually get around the 'don't run stuff you shouldn't trust thing'.

      Now mod me down before a worm author sees this comment and actually writes a messenger worm like that :)

    3. Re:This will be successful..... by GMFTatsujin · · Score: 5, Funny

      Everything except a virus checker...

      *sigh*

    4. Re:This will be successful..... by Jesus_666 · · Score: 2, Funny

      That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

      No, dude. Linux users are paranoid anti-Microsoft zealots who try to convert Win users to Linux 24/7. The Mac folks are the elitist snobs.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  4. Woohoo! by Gogo+Dodo · · Score: 5, Funny

    Time to cash in!

    1. Re:Woohoo! by pHatidic · · Score: 4, Funny

      No way this is just a hoax. More likely what really happened is the sysadmin who removed the virus found 400 chinese porn sites and when the user was confronted about this he just blamed the virus.

  5. Dammit by badfrog · · Score: 5, Funny

    Guess my workday tomorrow has been planned out in advance. (I have dumb users.)

  6. d'oh by Anonymous Coward · · Score: 5, Funny

    "..and adds entries to the hosts file pointing to more that 400 Chinese porn sites"

    First good reason i hear to switch to Windows.

  7. worm isnt going to do much damage by Indy1 · · Score: 4, Funny

    host www.78p.com
    www.78p.com has address 1.10.5.89

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  8. A step back by Sheepdot · · Score: 4, Funny

    Wow. We've gone from viruses pretending to be porn in order to do funny things to your computer to viruses pretending to be something funny that give you porn.

  9. Re:why MSN is having trouble? by Anonymous Coward · · Score: 5, Funny

    Is this why MSN messenger seems to have been down for about 12 of the last 24 hours?

    No, that's normal.

  10. Trolling... by Mori+Chu · · Score: 5, Funny
    Well this shouldn't be any problem; it requires the user to actively click an attachment, and users are educated enough not to do that...

    And they don't run as Admin anyway, so the worm couldn't even infect them if they did click it...

    And Microsoft will surely release a prompt fix to address this issue...

    So I don't see what the problem is here. :-)

  11. Clever! by ATomkins · · Score: 5, Funny

    Ohhhh... I see the plan... we slashdot 78p.com, thus limiting the 'worm's damage!

    Good thinking, guys!

    Just doing my part. ;)

  12. Worm name in article is wrong by diagnosis · · Score: 4, Funny

    It should be 'more fun', not 'funner'.

    ------------------
    Rate free iPod offers: RateTheOffers.com
    (Flat screens and Desktop PCs too)

  13. Re:400 porn sites? by Daniel+Ellard · · Score: 4, Funny
    Imagine the time and persistance it took to find 400 Chinese porn sites, what with the Chinese government breathing down your neck and all that. This author is no simple script kiddie; this is a wormer who has corporate sponsorship and/or does all his browsing with one hand...

    --
    Disclaimer: I work for a company, but I don't speak for them.
  14. Re:I saw Cmdr Taco post this live on TV by Anonymous Coward · · Score: 1, Funny

    And Hemos, even after having seen Taco post this live, will be posting a dupe momentarily.

  15. OH NOES!! THE APOCALYPSE!!1 by Anonymous Coward · · Score: 1, Funny

    Ahhh! The Screen Savers are trying to slashdot slashdot! Quick! Duck and Cover! The bandwidth bomb cometh!

  16. You can be rich !! by ganhawk · · Score: 5, Funny

    Is the worm author most benovelant guy or what ?

    China rewards porn snitches
    1)run windows 2)get infected 3)receive list and fwd to the chineese authority 4)profit!!

    --
    Python script to convert photos into "artsy" portraits: http://p2pbridge.sf.net/pyPortrait/
  17. PROFIT! by Anonymous Coward · · Score: 1, Funny

    400 chinese porn sites x 240 dollar bounty =

  18. Re:LUA by myowntrueself · · Score: 4, Funny

    In my experience the main cause of applications failing to run as non-admin user is copy protection on games.

    Frequently, these start up a service when they run. It would be very hard to make these work as non-admin.

    Personally, the first thing I do when I find a game like this is download a no-cd patch/crack. Then I can run it unprivileged.

    There are exceptions; the last icq client I tried won't even run as 'power user' and must be run as administrator.

    The developers of this sort of rubbish need electric shocks applied to their genitalia every time someone gets infected through their crap application.

    --
    In the free world the media isn't government run; the government is media run.
  19. Re:It's all part of life by Izago909 · · Score: 2, Funny

    With enough publicity the average Joe User will learn safe IMing habits...

    The average Joe won't learn safe computing habits until Dell, Gateway, HP, and Compaq start issuing keyboards and mice complete with 10,000 volt negative reinforcement "bad user, no treat" features. People with no computer knowledge are the last to admit their ignorance caused their problems.

  20. Fact checking? by Ratcrow · · Score: 4, Funny

    "pointing to more that 400 Chinese porn sites"

    How do they know that all 400 are porn sites? Did someone actually sit down and visit every one?

    Also, are they hiring?

    1. Re:Fact checking? by 10+Speed · · Score: 2, Funny

      I did...and only a small percentage are....

  21. is it just me or is it my friends by Unknown+Poltroon · · Score: 4, Funny

    But i would NEVER open something they sent me called funny.exe. I know about their senses of humor.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  22. Funny.exe funny extension by Mister+Liberty · · Score: 2, Funny

    What type of file is that anyway, exe file.

  23. So much for natural selection by Lurgen · · Score: 5, Funny

    A worm that spreads via IM? Or a worm that spreads via stupid dumb-ass users who don't know better than to run a .exe they weren't expecting to receive?

    One day, with a bit of luck, people opening attachments/files/emails/whatever like this will be considered much the same as people eating strange pieces of food that they find in the street.

    For those in the support side of the field, remember that as long as there are stupid people (and there always will be) security vulnerabilities will always be a poor second cousin to humans. The bulk of your support calls won't come from clever little worms that capitalise on obscure security flaws in a product, they'll come as a result of idiots thinking that "nakedwoman.exe" is actually something they want to see.

    Yet another reason we should embed cattle-prods into keyboards... "wow, some stranger sent me some naughty pictures of herself! Pity they're archived, I'll just double-click and let them extract themsel *zaaaaaaaap!!!*"

  24. Re:400 porn sites? by Anonymous Coward · · Score: 1, Funny
    Imagine the time and persistance it took to find 400 Chinese porn sites,

    They stole my bookmarks....THE BASTURDS

  25. These. ..Chinese porn sites by Anonymous Coward · · Score: 0, Funny

    Please, tell me more.

  26. Did I miss the memo? by Ayanami+Rei · · Score: 1, Funny

    When did webcam support become a requisite feature of _instant messaging_???

    Was that when some attention-starved sluts starting showing off their boobs... or when cell phone companies started tacking CCDs onto their gadgets so you could spend $5 on data fees uploading blurry pictures in your mobile IM session?

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
    1. Re:Did I miss the memo? by blowdart · · Score: 3, Funny

      Was that when some attention-starved sluts starting showing off their boobs...

      You sound like you think this is a bad thing.

      Anyway, it's not like IM is a professional tool, it started off as a quick way to send little messages and grew. Think about the main user base teenage kids, folks in their early twenties and geeks. Of course it's a reasonable guess to say 50% of that user base is male. So that's geeky males, student males or males going through hormone hell. Of course it became a requsitie when breasts appeared.