Slashdot Mirror

← Back to Stories (view on slashdot.org)

New IM Worm On The Loose

Posted by CmdrTaco on from the head-for-the-hills dept.

elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

15 of 407 comments (clear)

  1. Time to switch, perhaps? by kgbspy · · Score: 5, Insightful

    Just like everyone urged their friends and family to switch from IE to Firefox, now could be the time to recommend gaim to them in place of their regular IM client. Except, maybe, those who like chinese porn.

    --
    ~
    ~
    ~
    -- INSERT --
    1. Re:Time to switch, perhaps? by Doppler00 · · Score: 2, Insightful

      Although I don't see a 30% cpu usage, I do notice that Gaim is currently consuming 19MB of memory. I'm almost certain that's due to some memory leak because it increases over time. That's ludicrous for a program who's purpose is to send TEXT messages.

      I have almost considered helping them instead of complaining, but I have no idea where to get started on an open source project.

      I'll still continue to use Gaim until another GPL/LGPL multiple IM client comes along.

  2. LUA by dioscaido · · Score: 3, Insightful

    I'm dissapointed that MS hasn't done a big enough push to get people accustomed to running as a limited user, versus running as Administrator all the time. This is the main reason why linux/OSX are more 'secure' -- programs like these would execute as user, not as root, given the OS's both discourage people from runnin their every day tasks as root. If the users who get this funny.exe were not running as Administrator, their system wouldn't get infected. The app may be able to propagate itself, but a quick log off/log on would kill the virus.

    1. Re:LUA by BurritoWarrior · · Score: 4, Insightful

      ...because a TON of windows software won't run or install if they do?

      Seriously, they would have 19 gazillion support calls the next day.

    2. Re:LUA by RAMMS+EIN · · Score: 4, Insightful

      You can still do a lot of harm using a regular user account. Deleting a user's files (often more valuable than the software, which can be reinstalled), propagating over the network, to name a few. You can also try to exploit local vulnerabilities to gain full privileges, or trick the user into giving them to you.

      And don't think loggin out and back in would solve the problem; you just install in the user's logon scripts rather than the system boot scripts.

      Apart from protecting other users' files, non-privileged accounts don't add a whole lot of security. And on Windows, it hardly works anyway. There are many things that should work for regular accounts but don't, and other things that shouldn't but do.

      --
      Please correct me if I got my facts wrong.
  3. Terminology question by rackhamh · · Score: 2, Insightful

    I'm not up to speed on the terminology (yes, I've been living under a rock, and it's very cozy under here). Is it really a "worm" if it requires the user to execute it?

  4. Re:This will be successful..... by mr_don't · · Score: 4, Insightful

    I'm with you, but you know, my users a t work will run ANYTHING...

    Users can be psychotic sometimes...!

  5. Worms... by TrancePhreak · · Score: 4, Insightful
    Doesn't sound like a worm to me at all.
    A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
    Computer Worm
    --

    -]Phreak Out[-
  6. Re:This will be successful..... by Zakabog · · Score: 5, Insightful

    Let's see, the average persons friend sends them a file called funny.exe. The average person really enjoying the kind of crap that their friend's send them online, executes funny.exe (which by the way will show up as just "Funny" on the average computer as extensions are hidden by default) gets infected by the worm, notices they get a ton of pop ups, porn sites, all kinds of junk and their computer runs really slow, blames the manufacturer of the PC (Gateway, Dell, IBM, whatever.) Never realizes it was an issue with MSN to begin with, continues on with their life promising to never buy another computer from Gateway, Dell, IBM, whatever. I've seen it happen so many times. My uncle even blames me for the crap that gets installed on his computer (usually while I'm not there, as I live 300 miles away) and doesn't really thank me when I install ad-aware and get rid of the junk (thinking whatever he just did on the computer made everything work right.)

  7. Re:This will be successful..... by PhoenixFlare · · Score: 4, Insightful

    Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are.

    That's like saying "All Linux users are elitist snobs", just because there's some jerks mixed in out there.

  8. Suspicious... by LavaDevil94 · · Score: 3, Insightful

    Methinks this might have something to do with the recent ban on porn in China...

  9. Re:This will be successful..... by bmo · · Score: 4, Insightful

    "Gotta love how insulting generalizations are "Insightful" around here when you're referring to a MS product. Just because some MSN users are ignorant, does not mean all of them are."

    Not only are MSN users ignorant, most Joe and Josephine users are that ignorant *in general*.

    I just spent 3 hours today cleaning up a machine that had upwards of 60 trojans and other malware on it. One of which was a keylogger. It was amazing that this machine ran at all.

    Does the owner of said computer have any clue about how all this malware got there? Nope. He's got 3 kids, though, that all use the same computer. I

    He is ignorant, in the truest sense of the word. He is also *typical* of most home computer owners. People these days expect their machines to simply work, like toasters, because the interface hides the real complexity. I have been trying to educate him, and it's been a battle.

    But regardless of that, MSFT has never done any User Education itself. Bill prefers it that way, and that's a shame. Keeping the users ignorant allows MSFT to Blame The User when it comes to exploits (You Failed to Upgrade!), allows them to force DRM down their throats, and basically allows the company to run roughshod over its customer base, without complaints.

    So yes, MS users are ignorant. They simply do not know better, and their precious vendor, Microsoft, is aiding and abetting this ignorance.

    So what are *you* doing to educate your users?

    --
    BMO

  10. Hell by papasui · · Score: 4, Insightful

    When I was still doing phone cable modem support (I'm the network engineer now) I spoke with more than one person that said they opened the attachement in their email because they wanted to see if it a was a virus. This thing will spread like that goatse.cx guys ass.

  11. Re:Another reason to move to GAIM by Tongo · · Score: 3, Insightful

    Why couldn't someone write a worm that infected IM clients on Linux. Damn, don't you get it? Any box that isn't physically isolated from the rest of the world is vulnerable. Linux and GAIM are both less vulnerable only so far as people don't target them.

  12. Re:This will be successful..... by MmmDee · · Score: 2, Insightful

    It would definitely be helpful if Windows would display a "marker" of some sort adjacent to all executable files/scripts. But then, who would have thought that opening a jpg could be harmful. Thanks for the feedback.

    --
    No man's an island, unless he's had too much to drink and wets the bed.