Slashdot Mirror


Fully Automated IM Worms on the Way?

nanycow writes "The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks. Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions of users without the use of malicious URLs that require a click."

4 of 230 comments

  1. Re:I can't take any more of this by Darkon · Score: 4, Informative


    Is the 'administrator' account privilege - which a majority of Windows user accounts are - not an equivalent to root?

    Strictly speaking the Windows equivalent of 'root' is the hidden 'LocalSystem' account.

  2. Re:Infection by Red Flayer · Score: 4, Informative

    From the summary:

    "Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions of users without the use of malicious URLs that require a click."

    FTA "'We've already seen documentation for some serious code-execution vulnerabilities in IM applications. If you put it all together, you'll see we're not that far away from an automated IM attack where infections don't require the user to click on anything,' Wells said."

    User education won't help if propagation occurs without any action by them.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai

  3. Re:Do these things affect non-AIM apps? by Rocketship Underpant · Score: 4, Informative

    "I use Adium. Should I be worried?"

    I doubt it, because any malicious program that wants to alter OS X's settings is going to have to prompt you for an administrator password (unlike Windows). Besides, it's likely that any such worm will target official IM clients rather than third-party apps.

    --
    He who lights his taper at mine, receives light without darkening me.

  4. IM worms go undetected by rizzo420 · Score: 4, Informative

    i think a bigger part of the problem, and hopefully this will open their eyes, is that thus far, the big anti-virus companies (symantec and mcafee) will not include IM worms in their definitions. this means that even if you have the most up-to-date windows security patches, and the most up-to-date anti-virus software, you can still be infected by the IM worm. i don't understand why they won't include them as they are, in my opinion, just as dangerous and propagate on their own just like normal email viruses. i deal with the "AIM virus" on a near-daily basis. i keep sending people to download AIMFix. this guy is getting some serious hits to his site, and he's not getting paid for it... these are real viruses, since the definition of a virus is that it gets onto your computer and propagates on its own. this just doesn't use traditional means (email, network ports). even if you uninstall instant messenger, it's still there waiting to send itself to everyone on your buddy list.

    --
    please me, have no regrets.