Microsoft Messenger Virus Hits Reuters IM
steman writes "Reuters had to temporarily shut down its private instant messaging service after being targeted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft Messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all of the user's contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"
Ummmm.. check the date on that article. This happened 2 1/2 weeks ago. I thought this was a NEWS site.... Oh right, I shouldn't make such assumptions.
Host localhost (127.0.0.1) appears to be up
In ICQ's Security and Privacy Permissions settings, you can choose to decline World Wide Pager, EmailExpress and other forms of spam.
I'm using 2003a, so your settings may be different.
The user needs to click on a link in the IM message, and needs to click on 'yes' on the XPSP2 warning about running unknown executables.
If I'm not mistaken, didn't this vulnerability get fixed a while ago on MS/MSN Messenger?
VOIP? Video Conferencing? Shared Whiteboard? Remote desktop sharing?
What choice? With XP (both Home and Professional) Microsoft Messenger is installed and running whether you want it or not! In addition, it is a PITA to remove. I think the DOJ forced Microsoft to make it easier to disable, but that of course assumes that the typical user is capable and aware of the need to remove it!
Details here:
http://www.theeldergeek.com/messenger_removal.htm
However, note (from the above source):
In none of the cases below is Messenger actually 'removed' from the system. You can hide it, prevent it from starting, disguise it, and fool the system into thinking it's not available - but it isn't removed. It's still on the computer and a part of the operating system.
If you have used either IRC or email, then you have no reason to not "get it".
IM is just a faster version of email, and pretty much the same thing as IRC (with a dumbed down interface).
Others have stated the merits of asynchronous communication via IM (just like in email/IRC), and the ability to communicate with more than one party at the same time.
IM doesn't make sense for everyone (I don't use it at work, others do). Some people do not need or appreciate the positive aspects of IM.
While obviously not the main reason most people use IM, some of us do have friends on different continents with whom we'd like to have conversations. Phone is out of the question, and email is too choppy.
IWARS.
People, in general, disappoint me. Politicians even more so.
We already have all that (except for the whiteboard) in separate products; those things shouldn't be in an IM solution IMHO.
Run Outlook Express > Options > uncheck 'Automatically log on to Windows Messenger'
Messenger won't come up automatically.
But again I agree it's a pain.
Apparently yes, with The Coccinella jabber client.
If your OS can execute a program to let you do your finances, it can execute a program to then send that data somewhere.
Why should your OS allow access to financial files to a program that it allows to send anything anywhere but your bank as identified and certified by a trusted third party?
So how do you write software which is usable by humans, but not usable by worms?
That's what people asked themselves when working on OpenVMS and Multics; it's what they wondered about after the Morris worm. The people who found answers were not abducted by aliens after they did! They were just ignored for a decade, which may be even worse... well, for the rest of the world anyway.
Most of the answers are right in the Orange Book. Another answer is not to use a language/platform that allows for buffer overflows when doing something mundane.
I am not saying these ideas are perfect, I am saying they are almost thirty years old but not advertised at CompUSA! They are currently being "reinvented" very, very slowly. AMD offers memory that is hard to run instructions from; Microsoft started adding buffer-overflow-fighting tricks to its compiler and from time to time compiles some of its products with it. Unix-alikes have trouble deciding their approach but there is progress. Also the Linux kernel has room for setting files to something more subtle than 666. Java has a somewhat complete reference monitor... but of course no one uses it because an application taking a little more time to start up takes more time than cleaning out an Internet Explorer-abusing piece of malware... Microsoft for the first time ever sacrifices backwards compatibility for security in Service Pack 2 and what do people do? They whine about it..
People should start trying to make secure systems usable again instead of just making them insecure. The first step? Explaining to everyone that current insecurity is the cause of much lost time and will cost much more money than a bit of DDoS here, mixed with ID theft and the occasional bank heist using a keylogger.
There have been lots of IM warnings in the past; just look at CERT warnings for a sense of how pervasive this threat is.