Microsoft Messenger Virus Hits Reuters IM
steman writes "Reuters had to temporarily shut down its private instant messaging service after being targetted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all users contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"
I think many IT departments restrict the use of IM software for this very reason.
No blaming Microsoft for this one. This time it is definitely the users' fault. The trojan simply sends a link to the contacts inviting them to download and run an executable.
And people still do it!? What will it take before people learn?
I'll probably be modded down for this...
"I shouldn't make such assumptions."
Correct. This is primarily a news reposting site, in order to generate discussion.
It's a forum, not a newspaper.
KFG
Reasons? I would be interested in hearing why. I don't use Gaim much, but I use Trillian everyday.
There is no way I'm going to use MSN Messenger after that. So many more useful functions - default logging of chat...however I'm not sure about the security aspects, and how it compares with Redmonds offering.
R.
When you're in a deep hack mode, typing a message is much less distracting than talking to someone.
Escher was the first MC and Giger invented the HR department.
Seriously, Microsoft creates architectures with guaranteed downtime, yet people still buy their products? I think their current revenues are holdovers from their monopoly in the 1990s, and the slip in their earnings is indicative of real slowdown for them. As GNOME/KDE desktops mature, people will certainly have few reasons to spend their hard-earned money on Windows and Office. If they want to spend the money, then spend it on Mac OS X and get something better than Microsoft could ever produce.
1. Maybe you should try it then you might understand it?
2. IM is not really Instant, it's almost-Instant, which means you get a chance to read what you're about to say.
3. Go right ahead and type, you don't need to wait for the other party to finish their utterance
4. you can copy and paste things into IM. That's quite hard over a phone call
5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.
6. By logging into IM you are announcing your availability for chat. Not so with a phone call, which is a polling system (ring ring)
7. Lying requires less work
8. But really you have to TRY something before you DISMISS it.
9. there's probably more.
Yours Sincerely, Michael.
Having said that, I am of the opinion that as the number of people using Firefox increases, so will the number of exploits, but I can't imagine it ever reaching IE proportions; you pretty much have to design in that level of insecurity ;)
No, this is a wake up call to programmers (the snooze button has been pressed by Microsoft regularly for the last 20 years):
When transferring any kind of data from one computer/system/program to another, where the source cannot be guaranteed trustable (hint: always) the data should be assumed to be intentionally malformed, as a result the system should either:
a) limit what the input data can do eg: not be executed as binary or a privileged command, not be capable of overflowing anything (ignore extra long data) not be capable of doing anything that you wouldn't allow any random person to do.
b) warn the user every time new data is to be processed and require acknowledgement to continue.
(b) is the reason why your operating system can't install random software people send it without warning/asking you.
(a) is for documents, emails, messages, pictures, music etc.
This is a pretty fundamental computing rule, its pretty much exactly like the basic gun safety rules: always assume the gun is loaded. always keep it pointed somewhere you don't mind a bullet going. always keep it unloaded. So you really have to wonder about peoples competence..
This comment does not represent the views or opinions of the user.
Microsoft makes itself a big target not only politically but technologically. It is their "extend, embrace, extinguish" attitude that got them into this mess (and other messes as well) when they integrated all their competition's code into the OS. It is sad really that "innovation" to Microsoft really means "acquire".
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.