Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Messenger Virus Hits Reuters IM

Posted by CowboyNeal on from the irc-cowers-in-fear dept.

steman writes "Reuters had to temporarily shut down its private instant messaging service after being targetted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all users contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"

15 of 275 comments (clear)

  1. We haven't had that wake-up call yet? by rlamoni · · Score: 5, Insightful

    I think many IT departments restrict the use of IM software for this very reason.

    1. Re:We haven't had that wake-up call yet? by Richie1984 · · Score: 5, Insightful

      Which is a shame because whilst IM can be used for a lot of negative purposes, such as transfering virii or timewasting, it can also be used for a lot of positive reasons in business. For instance, it can provide, in my view, a more rapid and more effective way of communicating over long distance than email (obviously if both users are online at the same time). This can lead to greater communication within a company. IT departments should think carefully before banning IM programs across the board.

      --
      I'm not stressed. I'm just terribly, terribly alert.
    2. Re:We haven't had that wake-up call yet? by FriedTurkey · · Score: 4, Insightful

      When our IT department took away IM, I thought it would decline the my productivity. It actually increased my productivity and I would never want IM back. There were too many annoying IMs from people who can immediately IM you with total crap. They first take some time to look at it themselves now because they have to expend extra effort to get on the phone or send an email.

      Having IM is kinda like having everyone at your company working in your cubicle. Anyone can just blurt out some kind of crap without thinking it through.

      Try turning off IM for a day and see how much real work can get done.

  2. Don't blame Microsoft for this one. by MarkByers · · Score: 5, Insightful

    No blaming Microsoft for this one. This time it is definitely the users' fault. The trojan simply sends a link to the contacts inviting them to download and run an executable.

    And people still do it!? What will it take before people learn?

    --
    I'll probably be modded down for this...
  3. Re:Old News by MoogMan · · Score: 4, Funny

    Slashdot: Olds for Nerds, stuff that mattered.

  4. Re:Old News by kfg · · Score: 5, Insightful

    "I shouldn't make such assumptions."

    Correct. This is primarily a news reposting site, in order to generate discussion.

    It's a forum, not a newspaper.

    KFG

  5. Jabber anyone? by tabo_peru · · Score: 4, Interesting

    I'm running a jabberd2 server in my company with lots of users with no problems at all. It is free, stable and has a plethora of clients for all major platforms.

    Is there a _serious_ msn-im feature that jabber lacks?

    1. Re:Jabber anyone? by Anonymous Coward · · Score: 4, Informative

      VOIP ? Video Conferencing ? Shared Whiteboard ? remote desktop sharing ?

  6. Re:Microsoft Messenger? by Anonymous Coward · · Score: 4, Informative

    What choice? With XP (both Home and Professional) Microsoft Messenger is installed and running whether you want it or not! In addition, it is a PITA to remove. I think the DOJ forced Microsoft to make it easier to disable, but that of course assumes that the typical user is capable and aware of the need to remove it!

    Details here:
    http://www.theeldergeek.com/messenger_removal.htm

    However, note (from the above source):
    In none of the cases below is Messenger actually 'removed' from the system. You can hide it, prevent it from starting, disguise it, and fool the system into thinking it's not available - but it isn't removed. It's still on the computer and a part of the operating system.

  7. Trillian vs MSN? by rathehun · · Score: 4, Insightful
    I guess this is why Trillian updated the MSN plugin today. Seriously, I don't know why more people don't switch to either Trillian or Gaim.

    Reasons? I would be interested in hearing why. I don't use Gaim much, but I use Trillian everyday.

    There is no way I'm going to use MSN Messenger after that. So many more useful functions - default logging of chat...however I'm not sure about the security aspects, and how it compares with Redmonds offering.

    R.

    1. Re:Trillian vs MSN? by YrWrstNtmr · · Score: 4, Insightful
      The security aspect here is the clueless user, not the tool. This does not automagically propagate. If you got an unknown link from someone in Trillian that says "Click here!" and you did click, then another popup that asks if you want to install 'SomeFunkyProgram', would you?

      No, of course not. You have a bit of a clue. But that's exactly what happened here. The only way Trillian or GAIM would be 'more secure' than MSN Messenger (in this instance) is if they disallowed clickable links in IM's, and/or had no stored contact list. Both of which would be major reductions in functionality.

      GAIM and Trillian DO have major functionality benefits over AIM/MSN/Yahoo (notably, multi protocol) but a clueless user is a clueless user, no matter what client they use.

  8. Re:Why is IM better than a phone? by TeknoHog · · Score: 4, Insightful
    When you're discussing technical matters, it's easier to type a piece of source code or something, than spell it over the phone, hoping the recipient gets it right.

    When you're in a deep hack mode, typing a message is much less distracting than talking to someone.

    --
    Escher was the first MC and Giger invented the HR department.
  9. Re:Why is IM better than a phone? by sydb · · Score: 4, Insightful

    1. Maybe you should try it then you might understand it?
    2. IM is not really Instant, it's almost-Instant, which means you get a chance to read what you're about to say.
    3. Go right ahead and type, you don't need to wait for the other party to finish their utterance
    4. you can copy and paste things into IM. That's quite hard over a phone call
    5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.
    6. By logging into IM you are announcing your availability for chat. Not so with a phone call, which is a polling system (ring ring)
    7. Lying requires less work
    8. But really you have to TRY something before you DISMISS it.
    9. there's probably more.

    --
    Yours Sincerely, Michael.
  10. Re:Correction... by ssj_195 · · Score: 4, Insightful
    Not even remotely interesting, since most of those vulnerabilities were found by Firefox devs and hired auditing firms, rather than by seeing exploits in the wild. And how does "being a target" suddenly create more vulnerabilities? A vulnerability in a piece of software is either there or not, irrespective of how many people use it.

    Having said that, I am of the opinion that as the number of people using Firefox increases, so will the number of exploits, but I can't imagine it ever reaching IE proportions; you pretty much have to design in that level of insecurity ;)

  11. "Reuters Messenging" by Anonymous Coward · · Score: 5, Interesting

    Is "Messenging" a real word?