Microsoft Messenger Virus Hits Reuters IM

steman writes "Reuters had to temporarily shut down its private instant messaging service after being targetted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all users contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"

Die IM, Diiiieee

[blackicye]

I'm wondering if I'm the only one who is annoyed by IM Services.

I used to use ICQ way back in the day, but found it to be more of an annoyance than anything useful.

My rationale is, if its not important, send me an email. If it _is_ important, give me a call.

Otherwise, bugger off! I'm not interested..

Yahoo! IM

[G1aucon]

It's too bad there isn't more adoption of YIM. In terms interface and usability, it far outranks AIM or MS.

Does anyone know why Yahoo! has had a hard time catching on? Is it just a diffusion effect? E.g., if all your friends have AIM, you have to use AIM, too?

AOL,Yahoo & MS

[goombah99]

so does AOL and yahoo also have these sorts of breeches from time to time? or is this just another MS exclusive?

Not trying to flame here but there is always this raging debate on whether MS is the brand for those desiring insecure solutions or if its just a matter of size making it a media of exponential viral growth. We have one key data point which is that its' web server technology gets hacked more than say, Apache. It's important since Apache is as big as MS in that, neutralizing partly the size issue (al beit Apache is less homgenous than MS server so it's not perfect)

Now we have an IM data point. This is more interesting since here we do have three homgenous IM sources of large size AOL, MS and Yahoo. So I wonder how often these other brands get hacked. Anyone know?

Re:AOL,Yahoo & MS

[cbiltcliffe]

Ok...let me get this straight....

Linux and Apple don't get hacked because nobody uses them, and IIS6 doesn't get hacked because it's secure by default?

But Windows gets hacked because of it's high marketshare, right?
So what's the difference between Apache and Windows?

Jabber anyone?

[tabo_peru]

I'm running a jabberd2 server in my company with lots of users with no problems at all. It is free, stable and has a plethora of clients for all major platforms.

Is there a _serious_ msn-im feature that jabber lacks?

so will microsoft be held responsible ?

[Adult+film+producer]

There was a story on slashdot about a month ago, some microsoft shill was dis'ing Linux because of it's lack of support and indemification issues, all the more reason to go with Microsoft (presumably because they have to answer for these fuck ups.)

So microsoft will reimburse Reuters for this IM disaster, someone at microsoft will get fired at least ?

Whatever, microsoft is like the government... when people screw up they get promotions or Medals of Freedom..

"Reuters Messenging"

Is "Messenging" a real word?

Re:We haven't had that wake-up call yet?

[FriedTurkey]

This is typical. Person A has a problem where they can't stop using item X. Person A therefore campaigns for the restriction of item X, regardless of the positive results of others, and infringing the rights of all other persons who can actually control themselves.

Infringing on rights? Having IM at work is not a Constitutional right.

That's great when you have a choice of IM. If IM is allowed at work, the managers are going to require me to sign-in everyday. I really don't have a choice when somebody IMs me over stupid crap. None of IM services have a "crap filter". If I turn off my IM my manager will be like "turn on your IM so I can IM you stupid crap all day". There is no way to tell people "don't IM me stupid crap". People don't realize thier crap is stupid.

If corporate policy is to allow IM, the corporations are going to want to be able to IM you. There is never going to be a corporate policy of allowing IM for personal use only. That's like allowing a slacking device on you computer. Corporations should be allowed to block IM if you are not doing it for business use. You are allowing a hole into the network for viruses and you are allowing a huge productivity killer.

Do I miss talking to my friend and family at work? Not really. It is really intrusive to have a pop-up box with some crap when I am trying to get something done. Send me an email and I'll respond to you when I am not in the middle of something.

The mind can only handle so many distractions. Constant interuptions into thoughts actually stresses people out.

A IM free workplace is like working in a quieter room.

Apache vs IIS: The Facts

[I'm+Don+Giovanni]

We have one key data point which is that its' web server technology gets hacked more than say, Apache. It's important since Apache is as big as MS in that, neutralizing partly the size issue (al beit Apache is less homgenous than MS server so it's not perfect)

Since 2003, IIS 6.0 has had exactly 3 security adviseries verses Apache's 22 in the same time period:
IIS6 adviseries http://secunia.com/product/1438/
Apache 2.0 adviseries: http://secunia.com/product/73/

So, what "data point" are you talking about?