Slashdot Mirror


Microsoft Messenger Virus Hits Reuters IM

steman writes "Reuters had to temporarily shut down its private instant messaging service after being targeted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft Messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all of the user's contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"

49 of 275 comments

  1. Duh! by McGiraf · · Score: 2, Insightful

    "This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security."

    well duh!

  2. We haven't had that wake-up call yet? by rlamoni · · Score: 5, Insightful

    I think many IT departments restrict the use of IM software for this very reason.

    1. Re:We haven't had that wake-up call yet? by Richie1984 · · Score: 5, Insightful

      Which is a shame because whilst IM can be used for a lot of negative purposes, such as transferring virii or timewasting, it can also be used for a lot of positive reasons in business. For instance, it can provide, in my view, a more rapid and more effective way of communicating over long distance than email (obviously if both users are online at the same time). This can lead to greater communication within a company. IT departments should think carefully before banning IM programs across the board.

      --
      I'm not stressed. I'm just terribly, terribly alert.
    2. Re:We haven't had that wake-up call yet? by FriedTurkey · · Score: 4, Insightful

      When our IT department took away IM, I thought my productivity would decline. It actually increased my productivity and I would never want IM back. There were too many annoying IMs from people who can immediately IM you with total crap. They first take some time to look at it themselves now because they have to expend extra effort to get on the phone or send an email.

      Having IM is kinda like having everyone at your company working in your cubicle. Anyone can just blurt out some kind of crap without thinking it through.

      Try turning off IM for a day and see how much real work can get done.

    3. Re:We haven't had that wake-up call yet? by FriedTurkey · · Score: 2, Insightful

      I can see your point but then I have to ask, who is to blame for the poor usage? Is it the person who is sending the crap to you or is it you that allows that person to send crap to you?

      I would like to tell my managers to stop IMing me crap but I would probably get fired. I have 5 managers ala Office Space. When something goes wrong, I have 5 IM windows saying: "Did you not get the memo about the new T.P.S. report?"

  3. Why isn't filtering more instantaneous? by PornMaster · · Score: 2, Insightful

    Hell, I get 3-4 "(i from forum)" add-to-contacts requests a day if I leave ICQ up. That's something that could easily be blocked with some kind of regex on the ICQ servers. It's really frustrating that there aren't more spim blockers implemented.

    1. Re:Why isn't filtering more instantaneous? by 0x461FAB0BD7D2 · · Score: 2, Informative

      In ICQ's Security and Privacy Permissions settings, you can choose to decline World Wide Pager, EmailExpress and other forms of spam.

      I'm using 2003a, so your settings may be different.

  4. Didn't Microsoft fix this a while back? by kc32 · · Score: 2, Funny

    Isn't this why Microsoft forced me to upgrade MSN Messenger to a version that wouldn't even _INSTALL_ on my computer?

    I had to copy a good installation file by file to get the new version.

  5. How inconvenient by Anonymous Coward · · Score: 2, Insightful

    Of course with access like this someone could have started a rumour that Saudi Arabia would decrease/increase oil production, a merger between X and Y was going through/south, public figure x was assassinated, or a group calling itself l337 cr3w had bombed a major oil pipeline. If convincing, the rumour might be spread along with a Reuters mark of credibility acceptable everywhere where oil/stock/currency-prices and foreign policy are decided...

    Why is it that whenever a worm hits a high profile system no one talks about the potential consequences? A worm hitting ATMs? How inconvenient if you need cash! Windowsupdate.microsoft.com spreading Code Red... how dumb of Microsoft...

    How is it no one mentions that humanity knows how to write software that isn't more worm prone than the stuff that got hit by the Morris worm twenty F#$%ing years ago? If people mentioned this from time to time consumers might start asking for computers that don't turn into spamming, DDoSing zombie whores at the first sign of an overflow exploit. It would be more productive than the ones with the most megahurts marchitecture eye candy.

    1. Re:How inconvenient by Anonymous Coward · · Score: 2, Informative

      If your OS can execute a program to let you do your finances, it can execute a program to then send that data somewhere.

      Why should your OS allow access to financial files to a program that it allows to send anything anywhere but your bank as identified and certified by a trusted third party?

      So how do you write software which is usable by humans, but not usable by worms?

      That's what people asked themselves when working on OpenVMS and Multics, it's what they wondered about after the Morris worm. The people who found answers were not abducted by aliens after they did! They were just ignored for a decade, which may be even worse... well for the rest of the world anyway.

      Most of the answers are right in the Orange Book. Another answer is not to use a language/platform that allows for buffer overflows when doing something mundane.

      I am not saying these ideas are perfect, I am saying they are almost thirty years old but not advertised at CompUSA! They are currently being "reinvented" very very slowly. AMD offers memory that is hard to run instructions from, Microsoft started adding buffer-overflow-fighting tricks to its compiler and from time to time compiles some of its products with it. Unix alikes have trouble deciding their approach but there is progress. Also the Linux kernel has room for setting files to something more subtle than 666. Java has a somewhat complete reference monitor... but of course no one uses it because an application taking a little more time to start up takes more time than cleaning out an Internet Explorer-abusing piece of malware... Microsoft for the first time ever sacrifices backwards compatibility for security in Service Pack 2 and what do people do? They whine about it...

      People should start trying to make secure systems usable again instead of just making them insecure. The first step? Explaining to everyone that current insecurity is the cause of much lost time and will cost much more money than a bit of DDoS here, mixed with ID theft and the occasional bank heist using a keylogger.

  6. Yahoo! IM by G1aucon · · Score: 3, Interesting

    It's too bad there isn't more adoption of YIM. In terms of interface and usability, it far outranks AIM or MS.

    Does anyone know why Yahoo! has had a hard time catching on? Is it just a diffusion effect? E.g., if all your friends have AIM, you have to use AIM, too?

  7. Don't blame Microsoft for this one. by MarkByers · · Score: 5, Insightful

    No blaming Microsoft for this one. This time it is definitely the users' fault. The trojan simply sends a link to the contacts inviting them to download and run an executable.

    And people still do it!? What will it take before people learn?

    --
    I'll probably be modded down for this...
    1. Re:Don't blame Microsoft for this one. by marcosdumay · · Score: 2, Insightful

      Dialog boxes with pictures help only to confuse the user. There is no better stuff than text to put into them.

      The problem you are pointing out happens because some systems abuse dialog boxes, they appear all the time, so the user doesn't care about them. The solution is simple, just use dialog boxes to ask the user for directions, never confirmations (unless there is something very dangerous). Dangerous actions should be hard to execute. So, the system should require concentration to execute the attachment, not to cancel the (easy) execution.

  8. stupid virus by dioscaido · · Score: 3, Informative

    The user needs to click on a link in the IM message, and needs to click on 'yes' on the XPSP2 warning about running unknown executables.

    If I'm not mistaken, didn't this vulnerability get fixed a while ago on MS/MSN Messenger?

  9. Re:Old News by MoogMan · · Score: 4, Funny

    Slashdot: Olds for Nerds, stuff that mattered.

  10. AOL,Yahoo & MS by goombah99 · · Score: 3, Interesting
    So do AOL and Yahoo also have these sorts of breaches from time to time? Or is this just another MS exclusive?

    Not trying to flame here but there is always this raging debate on whether MS is the brand for those desiring insecure solutions or if it's just a matter of size making it a media of exponential viral growth. We have one key data point which is that its web server technology gets hacked more than say, Apache. It's important since Apache is as big as MS in that, neutralizing partly the size issue (albeit Apache is less homogeneous than MS server so it's not perfect)

    Now we have an IM data point. This is more interesting since here we do have three homogeneous IM sources of large size AOL, MS and Yahoo. So I wonder how often these other brands get hacked. Anyone know?

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:AOL,Yahoo & MS by penix1 · · Score: 3, Insightful

      Microsoft makes itself a big target not only politically but technologically. It is their "extend, embrace, extinguish" attitude that got them into this mess (and other messes as well) when they integrated all their competition's code into the OS. It is sad really that "innovation" to Microsoft really means "acquire".

      B.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    2. Re:AOL,Yahoo & MS by cbiltcliffe · · Score: 2, Interesting

      Ok...let me get this straight....

      Linux and Apple don't get hacked because nobody uses them, and IIS6 doesn't get hacked because it's secure by default?

      But Windows gets hacked because of its high market share, right?
      So what's the difference between Apache and Windows?

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  11. Re:Old News by kfg · · Score: 5, Insightful

    "I shouldn't make such assumptions."

    Correct. This is primarily a news reposting site, in order to generate discussion.

    It's a forum, not a newspaper.

    KFG

  12. Jabber anyone? by tabo_peru · · Score: 4, Interesting

    I'm running a jabberd2 server in my company with lots of users with no problems at all. It is free, stable and has a plethora of clients for all major platforms.

    Is there a _serious_ msn-im feature that jabber lacks?

    1. Re:Jabber anyone? by Anonymous Coward · · Score: 4, Informative

      VOIP ? Video Conferencing ? Shared Whiteboard ? remote desktop sharing ?

    2. Re:Jabber anyone? by tabo_peru · · Score: 2, Informative

      We already have all that (except for the whiteboard) in separate products, those things shouldn't be in an IM solution IMHO.

  13. Re:Microsoft Messenger? by Anonymous Coward · · Score: 4, Informative

    What choice? With XP (both Home and Professional) Microsoft Messenger is installed and running whether you want it or not! In addition, it is a PITA to remove. I think the DOJ forced Microsoft to make it easier to disable, but that of course assumes that the typical user is capable and aware of the need to remove it!

    Details here:
    http://www.theeldergeek.com/messenger_removal.htm

    However, note (from the above source):
    In none of the cases below is Messenger actually 'removed' from the system. You can hide it, prevent it from starting, disguise it, and fool the system into thinking it's not available - but it isn't removed. It's still on the computer and a part of the operating system.

  14. Trillian vs MSN? by rathehun · · Score: 4, Insightful
    I guess this is why Trillian updated the MSN plugin today. Seriously, I don't know why more people don't switch to either Trillian or Gaim.

    Reasons? I would be interested in hearing why. I don't use Gaim much, but I use Trillian everyday.

    There is no way I'm going to use MSN Messenger after that. So many more useful functions - default logging of chat...however I'm not sure about the security aspects, and how it compares with Redmond's offering.

    R.

    1. Re:Trillian vs MSN? by YrWrstNtmr · · Score: 4, Insightful
      The security aspect here is the clueless user, not the tool. This does not automagically propagate. If you got an unknown link from someone in Trillian that says "Click here!" and you did click, then another popup that asks if you want to install 'SomeFunkyProgram', would you?

      No, of course not. You have a bit of a clue. But that's exactly what happened here. The only way Trillian or GAIM would be 'more secure' than MSN Messenger (in this instance) is if they disallowed clickable links in IM's, and/or had no stored contact list. Both of which would be major reductions in functionality.

      GAIM and Trillian DO have major functionality benefits over AIM/MSN/Yahoo (notably, multi protocol) but a clueless user is a clueless user, no matter what client they use.

  15. Re:Why is IM better than a phone? by TeknoHog · · Score: 4, Insightful
    When you're discussing technical matters, it's easier to type a piece of source code or something, than spell it over the phone, hoping the recipient gets it right.

    When you're in a deep hack mode, typing a message is much less distracting than talking to someone.

    --
    Escher was the first MC and Giger invented the HR department.
  16. Re:Why is IM better than a phone? by RollingThunder · · Score: 2, Insightful

    It doesn't require you to sync up.

    You can hold multiple conversations at the same time.

    It indicates if somebody is in, without disturbing them like a phone call does.

    I can deal with them in the order I choose, unlike phone calls.

    You're comparing them to the wrong thing. Phone calls and IM's are different enough that they complement, not compete. E-mail, however, is closer to a competitor for IM.

    We're trying out Office Communicator, and despite the fact that the UI was done by an absolute moron (can't suppress offline users? have to see the newbie text all the time? gah) the tool itself is pretty damned useful - and I don't often compliment Microsoft.

  17. Correction... by Caeda · · Score: 2, Insightful

    This statement...

    "This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security.'"

    Should have been...

    "This is certainly a wake-up call, IM is just like any other "Microsoft Program". The Microsoft Program needs security."

    There isn't a new Yahoo virus flying around, nor is there an AIM virus flying around (sending a url that leads to a virus DOES NOT COUNT, as this is not the program itself spreading the virus but just a text link someone is stupid enough to click on) Nope, just Microsoft MSN viruses... Just like every other Microsoft product?

    --
    ~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
    1. Re:Correction... by Anonymous Coward · · Score: 2, Insightful


      I'm not sure why the above post was modded troll. Microsoft has bred a culture of irresponsibility in IT displacing decades of tried and true practices.

    2. Re:Correction... by ssj_195 · · Score: 4, Insightful
      Not even remotely interesting, since most of those vulnerabilities were found by Firefox devs and hired auditing firms, rather than by seeing exploits in the wild. And how does "being a target" suddenly create more vulnerabilities? A vulnerability in a piece of software is either there or not, irrespective of how many people use it.

      Having said that, I am of the opinion that as the number of people using Firefox increases, so will the number of exploits, but I can't imagine it ever reaching IE proportions; you pretty much have to design in that level of insecurity ;)

  18. In other news... by Spy+der+Mann · · Score: 3, Funny

    people are exposed to the flu in winter. News at 11.

  19. Why do people give Microsoft their money? by Anonymous Coward · · Score: 3, Insightful


    Seriously, Microsoft creates architectures with guaranteed downtime, yet people still buy their products? I think their current revenues are holdovers from their monopoly in the 1990s, and the slip in their earnings is indicative of real slowdown for them. As GNOME/KDE desktops mature, people will certainly have few reasons to spend their hard-earned money on Windows and Office. If they want to spend the money, then spend it on Mac OS X and get something better than Microsoft could ever produce.

  20. Re:Why is IM better than a phone? by sydb · · Score: 4, Insightful

    1. Maybe you should try it then you might understand it?
    2. IM is not really Instant, it's almost-Instant, which means you get a chance to read what you're about to say.
    3. Go right ahead and type, you don't need to wait for the other party to finish their utterance
    4. you can copy and paste things into IM. That's quite hard over a phone call
    5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.
    6. By logging into IM you are announcing your availability for chat. Not so with a phone call, which is a polling system (ring ring)
    7. Lying requires less work
    8. But really you have to TRY something before you DISMISS it.
    9. there's probably more.

    --
    Yours Sincerely, Michael.
  21. Ever used IRC? Email? by SaDan · · Score: 2, Informative

    If you have used either IRC or email, then you have no reason to not "get it".

    IM is just a faster version of email, and pretty much the same thing as IRC (with a dumbed down interface).

    Others have stated the merits of asynchronous communication via IM (just like in email/IRC), and the ability to communicate with more than one party at the same time.

    IM doesn't make sense for everyone (I don't use it at work, others do). Some people do not need or appreciate the positive aspects of IM.

  22. Re:Die IM, Diiiieee by carambola5 · · Score: 3, Informative

    While obviously not the main reason most people use IM, some of us do have friends on different continents with whom we'd like to have conversations. Phone is out of the question, and email is too choppy.

    --
    IWARS.
    People, in general, disappoint me. Politicians even more so.
  23. Re:of course its microsofts fault by dioscaido · · Score: 2, Informative

    Run Outlook Express > Options > uncheck 'Automatically log on to Windows Messenger'

    Messenger won't come up automatically.

    But again I agree it's a pain.

  24. Re:Why is IM better than a phone? by eyegor · · Score: 2, Insightful

    Very true.

    I frequently IM myself as a low-budget cut-and-paste between my computers. It requires 1 screenname for each machine, but it works great.

    Most of the people on my team also use IM for the same purpose. We'd explored using jabber-based chat, but AOL's infrastructure is hard to beat.

    Since AOL added the ability to have encrypted IM sessions between users, I don't have to worry about getting my sessions intercepted either.

    A few years back, there was a rash of problems with users having their IM IDs stolen and used for human-engineering attempts. Self-signed certs are more than adequate in order to establish an encrypted session. One just has to set up their own CA and get everyone on the team to trust that particular CA.

    --

    Don't anthropomorphize computers, they don't like it.
  25. Re:Jabber anyone? (whiteboard) by tabo_peru · · Score: 2, Informative

    Apparently yes, with The Coccinella jabber client.

  26. "Reuters Messenging" by Anonymous Coward · · Score: 5, Interesting

    Is "Messenging" a real word?

  27. Use Gaim by RedLaggedTeut · · Score: 2, Insightful

    Well, why not use Gaim then.
    It can handle both MSNmsnger and YIM.

    "The One IM To Rule them all"

    --
    I'm still trying to figure out what people mean by 'social skills' here.
  28. Stop writing Crap code by PacketScan · · Score: 2

    Take your time and get it right. Do leave things unchecked (buffer overflow) and certainly don't rush. Rushing breeds mistakes.

  29. Programming 101 by t_allardyce · · Score: 3, Insightful

    No, this is a wake up call to programmers (the snooze button has been pressed by Microsoft regularly for the last 20 years):

    When transferring any kind of data from one computer/system/program to another, where the source cannot be guaranteed trustable (hint: always) the data should be assumed to be intentionally malformed, as a result the system should either:

    a) limit what the input data can do eg: not be executed as binary or a privileged command, not be capable of overflowing anything (ignore extra long data) not be capable of doing anything that you wouldn't allow any random person to do.

    b) warn the user every time new data is to be processed and require acknowledgement to continue.

    (b) is the reason why your operating system can't install random software people send it without warning/asking you.

    (a) is for documents, emails, messages, pictures, music etc.

    This is a pretty fundamental computing rule, it's pretty much exactly like the basic gun safety rules: always assume the gun is loaded. always keep it pointed somewhere you don't mind a bullet going. always keep it unloaded. So you really have to wonder about people's competence...

    --
    This comment does not represent the views or opinions of the user.
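
Added example (not part of the original thread or any poster's code): a gateway-side screen that applies rules (a) and (b) from the comment above to inbound IM text, and also flags the pattern the story describes, one account pushing the same link to many contacts. The thresholds, extension list, names and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit

# All constants are illustrative assumptions, not values from the thread.
MAX_LEN = 1024           # rule (a): ignore anything past a fixed length
FLOOD_RECIPIENTS = 5     # same link to this many distinct contacts...
FLOOD_WINDOW = 60.0      # ...within this many seconds counts as a flood
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def find_urls(text):
    """Extract http(s) URLs, dropping trailing sentence punctuation."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]


def is_executable_link(url):
    """True if the URL path ends in an extension Windows will execute."""
    try:
        path = urlsplit(url).path
    except ValueError:       # malformed URL: treat as suspicious, not as safe
        return True
    return path.lower().endswith(EXEC_EXT)


class ImScreen:
    """Per-gateway state: who sent which link to whom, and when."""

    def __init__(self):
        self._seen = defaultdict(deque)   # (sender, url) -> (time, recipient)

    def screen(self, sender, recipient, text, now):
        """Return (verdict, cleaned_text); verdict is 'deliver', 'confirm'
        (rule (b): recipient must acknowledge) or 'quarantine' (flood)."""
        # Rule (a): bound the size and strip control characters first.
        clean = "".join(c for c in text[:MAX_LEN]
                        if c.isprintable() or c == "\n")
        verdict = "deliver"
        for url in find_urls(clean):
            hist = self._seen[(sender, url)]
            hist.append((now, recipient))
            # Forget sightings older than the window (never empties: the
            # entry just appended has age zero).
            while now - hist[0][0] > FLOOD_WINDOW:
                hist.popleft()
            if len({r for _, r in hist}) >= FLOOD_RECIPIENTS:
                return "quarantine", clean
            if is_executable_link(url):
                verdict = "confirm"
        return verdict, clean


def demo():
    """Run constructed sample traffic through the screen."""
    gate = ImScreen()
    # Constructed link; the file name ends in .com, so it reads like an
    # e-mail address but is an executable extension.
    link = "http://files.example.test/myprofile@hotmail.com"
    out = [gate.screen("alice", "bob", "lunch at 12?", 0.0)[0]]
    for i in range(5):   # one account sends the same link to five contacts
        out.append(gate.screen("carol", f"user{i}", f"is this you? {link}",
                               10.0 + i)[0])
    return out


if __name__ == "__main__":
    print(demo())
```

The flood check keys on sender and URL rather than on file extension, so a link that hides the executable behind a redirect is still caught once it fans out.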
  30. Re:Why is IM better than a phone? by Cromac · · Score: 2, Insightful
    5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.

    In some states it's also illegal to record phone conversations without consent, I don't believe that protection extends to IM conversations. It's not something you usually have to worry about, but if you're IM'ing with your manager having a record of exactly what was said could save your bacon.

  31. Think Different! by Chris+Tucker · · Score: 2, Funny

    This is the traditional post stating that the Mac OS is superior because it is unaffected by Windows viri.

    Also included in the traditional post is a gratuitous slam against Windows users: "Windows users are poopieheads for using Windows!"

    Finishing up with a "In Soviet Russia..." joke

    In Soviet Russia, you infect Reuters!

    It has been my pleasure to provide the Slashdot Community with the traditional posting making fun of the Windows OS and Windows Users, contrasting the Windows OS with the Mac OS, in a snarky, oh, so superior and ultimately uninformative manner, in a comment thread about yet another flaw/fault/sploit in the Windows OS.

    Thank you for your kind attention!

    P.S. if you use Linux or any of the UNIX variants, please substitute the name of your OS for Mac OS in the above posting, the better to observe the Slashdot traditions we so revere.

    --
    Guaranteed! This comment 100% Anthrax free!
  32. this is fucking hilarious by Edmund+Blackadder · · Score: 2, Insightful

    We are talking about text messaging here. I mean how hard it is to send a line of text securely. There should be no security concerns whatsoever.

    1. Re:this is fucking hilarious by SunFan · · Score: 2, Funny


      Well, given Microsoft already mastered unsecuring HTML, the next challenge, obviously, is plain text.

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
  33. Lots of IM warnings by poppycock · · Score: 2, Informative

    There have been lots of IM warnings in the past; just look at CERT warnings for a sense of how pervasive this threat is.

  34. I tried running the virus by Vrejakti · · Score: 2, Funny

    After following the instruction I received in my IM Window, I downloaded the virus, and tried to run it. It wouldn't open!

    I decided to look at the source code with the command "LAN358102:~ haxor$ cat myprofile\@hotmail.com | head"

    Result: MZP???@?? ?!?L?!??This program must be run under Win32 $7PELv?A?

    *sigh* When will virus writers start to consider people who use other platforms?

  35. Apache vs IIS: The Facts by I'm+Don+Giovanni · · Score: 2, Interesting
    We have one key data point which is that its web server technology gets hacked more than say, Apache. It's important since Apache is as big as MS in that, neutralizing partly the size issue (albeit Apache is less homogeneous than MS server so it's not perfect)
    Since 2003, IIS 6.0 has had exactly 3 security advisories versus Apache's 22 in the same time period:
    IIS6 advisories: http://secunia.com/product/1438/
    Apache 2.0 advisories: http://secunia.com/product/73/

    So, what "data point" are you talking about?
    --
    -- "I never gave these stories much credence." - HAL 9000