Slashdot Mirror


New Worm Chats with Users on AIM

goldseries writes "CNet is reporting that a new IM worm chats with users to get them to download a file containing a virus. The virus replicates itself and sends itself out to users' buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."

9 of 577 comments

  1. Viruses have always talked to you by thatguywhoiam · · Score: 4, Informative

    Anyone remember "give me a cookie?"

    --
    If Jesus wants me it knows where to find me.
  2. Not too intelligent by mcb · · Score: 4, Informative

    I've gotten this from several people on my list in the past few days... it basically spams a message, usually the same one, every hour or so, with the same link. It just fakes the address; the real link is to: http://209.235.17.26/My_Christmas_Card.SCR

    (06:41:27) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greetings card?my_christmas_card.scr
    This senders personal note: Merry Christmas!
    (06:41:27) yyyy : Sorry, I ran out for a bit!
    (08:42:59) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greetings card?my_christmas_card.scr
    This senders personal note: Merry Christmas!
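The mismatch described in the comment above (a displayed greeting-card address in front of a different real target) can be checked mechanically. This is an added example, not part of the original post: it assumes the client receives the message as HTML with `<a href>` anchors, and the function names, extension list and sample message (documentation address 192.0.2.10, example.com host) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# File types Windows runs rather than views (illustrative, not exhaustive).
RUNNABLE = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # dotted-quad host only

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for each <a> in an HTML-formatted IM."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def audit_message(html):
    """Return [(href, [reasons])] for links whose target is not what is shown."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        shown = next((w for w in text.split() if w.lower().startswith("http")), "")
        if shown and host_of(shown) != host_of(href):
            reasons.append("host-mismatch")
        if IPV4_HOST.match(host_of(href)):
            reasons.append("ip-literal-host")
        if PurePosixPath(urlsplit(href).path).suffix.lower() in RUNNABLE:
            reasons.append("runnable-file-type")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample modelled on the message quoted above (not captured traffic).
SAMPLE = ('To open it please visit: <a href="http://192.0.2.10/My_Christmas_Card.SCR">'
          'http://greetings.example.com/index.pd?source=card</a>')
```

`audit_message(SAMPLE)` reports all three reasons for the single link; a link whose visible text and target agree and point at a non-runnable type produces no finding.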

  3. Re:lol no this is not a virus by prionic6 · · Score: 5, Informative

    This will come in to you from another AIM-user you KNOW and who is infected. Not some stranger.

  4. Integrated AI by Durzel · · Score: 4, Informative

    I'm surprised these AIM worms haven't yet integrated with those award-winning AI bots used to fool other humans (e.g. Jabberwacky or ALICE).

    Having said that, when I asked Jabberwacky "Is this a virus?" it said "Well, I hope so." Not very reassuring..

  5. Re:lol no this is not a virus by tpgp · · Score: 4, Informative

    So people can send out executable jpegs? No thanks.

    I said execute bit in the filesystem.

    So - the virus would come in from the mail system with the execute bit set to 0, the user would have to download the file, get its properties, and tick the "execute" checkbox.

    --
    My pics.
  6. Note by Sheepdot · · Score: 5, Informative

    Note: The slashdot article says 'lol no this is not a virus.' The CNET article says "lol no its not its a virus".

  7. Re:lol no this is not a virus by _xeno_ · · Score: 4, Informative

    Windows NT/2000/XP already have this (sorta). You can set execute privileges on files, just like in UNIX.

    However, a default Windows XP install will be set up to inherit all permissions from the root of the drive, and will have the Users group set to Read, Execute, and Traverse Directories. So everything you download is by default executable, and no program I know of ever bothers to unset that. (Actually, the latest version of IE will store some metadata with executable files downloaded through it that marks the file as being "untrusted," but I think that only Windows Explorer (basically, IE itself) actually respects that metadata.)

    The other thing you need to understand is that, like UNIX, you can essentially exec (on Windows, ShellExecute) any file on the system. Unlike UNIX, though, the kernel won't actually try and interpret the file. Instead the Windows API (I think) will look up the file type and send the file off to the appropriate handler. So when you call ShellExecute, you're essentially acting like the user clicked on the file in Windows Explorer. To most programs like AIM, there's no difference between executing another program and opening a file in its viewer. As far as I know, there's really no way of asking Windows "are you going to just look at that, or actually run that?"

    The basic point here is that while Windows XP (and NTFS) do support an Executable flag, by default it's always on. Plus the "launch file" API will also run programs, and there's really no way to be certain that a file you're launching won't essentially be an executable.

    --
    You are in a maze of twisty little relative jumps, all alike.
  8. Uhh... Windows DOES have the Execute "bit" by AKosygin · · Score: 5, Informative

    On NTFS formatted filesystems, you can use the ACL to default set it so that all files saved will not have the "Execute File" permission. You just deselect "Allow" for the line that says "Traverse Folder / Execute File" for the "CREATOR OWNER" entry and "Apply onto" "Files Only" for the scope and allow propagation down.

    Or, you can go into your Group Policy Object (Local Computer or Domain) and by default in your Software Restrictions Policy disallow execution unless they were in areas of the file system you designate, i.e., "Program Files" folder. And if I remember correctly, saved files from current versions of IM programs are saved in "My Documents" outside of the "Program Files" folder by default.

  9. Re:lol no this is not a virus by Xyde · · Score: 4, Informative

    "Show all file extensions" under Preferences in the Finder. OS X is pretty smart too, even if it's turned off, if you make a file like "pamela_nude.jpg.app" it will show the full extension cause it knows you're trying to be sneaky :)
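Two points from the thread, the "untrusted" download metadata and the disguised double extension, combine into a check a client could make before handing a received file to the shell. This is an added example, not code from any poster or product: the metadata is the `Zone.Identifier` alternate data stream that Windows XP SP2 and later attach to downloaded files, passed in here as text so the code runs anywhere, and the function names, extension lists and sample stream are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Illustrative lists, not exhaustive: types that run, and types users expect to view.
RUNNABLE = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs", ".app"}
VIEWABLE = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}
UNTRUSTED_ZONES = {3, 4}  # 3 = Internet, 4 = Restricted sites

def zone_of(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
        return int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None

def launch_decision(filename, stream_text=None):
    """Decide what a client should do before handing a received file to the shell."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    runnable = bool(suffixes) and suffixes[-1] in RUNNABLE
    disguised = runnable and len(suffixes) > 1 and suffixes[-2] in VIEWABLE
    untrusted = zone_of(stream_text) in UNTRUSTED_ZONES
    if not runnable:
        return "open"    # the extension maps to a viewer, not a program
    if disguised or untrusted:
        return "block"   # program posing as a document, or from an untrusted zone
    return "warn"        # a program of unknown origin: ask before running

# Constructed sample of the stream text Windows stores with a downloaded file.
SAMPLE_STREAM = "[ZoneTransfer]\nZoneId=3\n"
```

On Windows the stream text can be read by opening `<path>:Zone.Identifier` on an NTFS volume; a missing stream is treated as unknown origin rather than as trusted.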