New Worm Chats with Users on AIM

goldseries writes "CNet is reporting that a new IM worm chats with users to get them to down load a file containing a virus. The virus replicates its self and sends its self out to user's buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."

Headlines

[Volanin]

From New Scientist:

A COMPUTER worm called Sober hit the headlines last week, reigniting people's fears about viruses. But while many may fret about infected emails, hackers are increasingly turning to stealthier ways to spread malicious software. Their latest target is instant messaging (IM), a wildly popular alternative to email that allows groups of friends or colleagues to chat online in real time.

"Hackers look at IM and they see fertile new ground," says Jonathan Christensen of FaceTime Communications, an IM security firm based in Foster City, California. "Although email continues to be a target, malicious code writers have become more creative." Even Microsoft, which supplies a proprietary instant messaging service, agrees. "Instant messaging has become a popular target for malicious hackers," says a spokesperson.

IM viruses and worms are not new. In 2001 two IM viruses called Choke and Hello struck, albeit with limited impact. But back then just 141 million people were using IM to talk online. Today 863 million people chat this way, and in March 2004 the volume of IM spam, known as spim, began to skyrocket (New Scientist, 3 April 2004, p 22). But because instant messages from your account can only be sent to your approved contact lists of friends, security experts hoped that IM worms would never take off like email-based malware.

Now, despite these protections, IM worms are beginning to cause similar damage to their email counterparts. "The sweet spot for IM worms is right now," says Jon Sakoda of IM security company IMlogic in Waltham, Massachusetts.

On April 14, the UK-based news agency Reuters had to remove 60,000 clients from its Microsoft messaging service for 20 hours after it detected an attempted invasion by a worm called Kelvir. IMlogic reports a threefold increase in the number of new IM worms released in the first three months of this year compared with 2004. And during this month and last a new IM worm variant has appeared almost every day, according to FaceTime.

Kelvir and another widespread worm called Bropia were detected on 6 March and 19 January respectively. They both use a piece of publicly available code called an application programming interface (API) to infect Microsoft IM networks, and spread via messages that appear to come from a trusted friend, but actually contain malicious web links. Click on one and it automatically downloads a virus that gives a hacker remote control of your PC.

The links are embedded within casual, friendly or salacious comments depending on the worm variant. Hackers have even programmed some Kelvir worms to chat with the victim before sending the link, to persuade the recipient they are talking to a friend. The worm's stock responses are sent blindly, regardless of how the victim replies, so these "conversations" can seem fragmented and illogical. But this is not uncommon even in genuine IM chat, due to the short time delay between sending and receiving messages. "It always shocks me how well these social engineering attacks end up working," says Nicholas Weaver, a security expert at the International Computer Science Institute in Berkeley, California.

Other worms such as Gabby, which surfaced on 26 April, target AOL's Instant Messenger, gaining access to contact list addresses through a flaw in the software rather than using API. And in March, a spat broke out between IM virus writers (similar to turf wars between email virus writers) when the IM worm Fatso (otherwise known as Sumom or Serflog) contained expletives aimed at the writer of the worm Assiral, which in turn was designed to disable Bropia.

Graham Cluley, a security consultant at UK-based anti-virus firm Sophos, says that email still poses a bigger threat. "While IM viruses may be on the rise, I think there will always be more people with access to email," he says. He points out that the Sober worm that struck last week, which also gives hackers remote control acce

Re:People are lazy these days...

[Admodieus]

Because time is money even in the IM world. With probably hundreds of people on that person's buddy list, chances are they're talking to multiple people at once. Why use proper grammar to talk to one person when you can ignore netiquette and talk to five people in the same time?

Artificial Intelligence Reported to DOD

[DMXForever]

I have reported my AI experiments to the DOD and the president. I am hoping to turn over my entire system through the approprate channels through their appropriate channels. So, I guess, if this involves my work in any fashion, Surprise, you're already in the news. DMXForever http://www.jaring.my/weblog/fav.php?id=8594&addfav

Re:The newest front

[PhatboySlim]

It's too bad our 'war' leader doesn't fall into the intelligent category either. (yes, I'm from the U.S.)