New Worm Chats with Users on AIM
goldseries writes "CNet is reporting that a new IM worm chats with users to get them to down load a file containing a virus. The virus replicates its self and sends its self out to user's buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."
my God, this one will be unstoppable.
Anyone remember "give me a cookie?"
If Jesus wants me it knows where to find me.
Question: How can you tell you are talking to a virus on AIM?
Answer: It sounds more intelligent than a normal user
Mod me down with all of your hatred and your journey towards the dark side will be complete!
To every 13 year old in the US and Europe.....
xao
http://TheHillforum.hopto.org
A.L.I.C.E.
:D
This is a small app and she will talk with you - pretty well. So the fact these guys use something similar (it might even be this app) is no big surprise.
That's why I use Trillian... I still haven't figured out how come it won't let me download files, or even get pictures from other people or even do any kind of direct connect
I mod down so you can mod up. Your welcome.
Honestly (and no, I'm not a programmer), the potential here scares me. It seems to me that "interactive" automated intrusion is going to be a serious issue for security. Yes, the truly prudent are (as usual) safe, but the gap between the "luser" and people like me and my co-workers is going to get smaller.
I really do have some of our local users using vmplayer virtual machines to access the internet (the ones with Windows laptops) - and a lot of services shut down (chat, in particular) that some would like to use.
Those who know more than I (most of you) - any comments?
Using plain ol' text since 1968
Finally someone will talk to me on AIM
i don't care
There's 2 ways to pass the Turing Test: make the program more intelligent, or pick examiners who are more dumb. Virus writers pick the latter option.
Don't take the above poster too seriously. He doesn't.
Tell me more about now they will even talk to you.
wouldn't an unknown new name on the buddy list sending you a package with the message "lol no its not a virus" be a dead giveaway?
My sig has been answered.
how do I know that the virus didn't submit this Slashdot article? Maybe it's just propagating more lies.
/Puts tin-foil hat on
Reality test... am I dreaming?
I mean, typing its own message is good and all, but not that impressive or scary. Now, when it is able to hijack the read text feature and play psychological mind tricks on me, that's impressive:
"Click the link Dave...why haven't you clicked the link? Do you not like me any more? If you don't, I could just go over here in the corner and format myself...after all, you don't like me anymore, else you would click the link..."
The only way it can get better after that is changing psychological mind tricks to Jedi mind tricks:
"You will click the link."
Only on /. could you find stuff like "down load" then shortly followed by "its self". Somebody there doesn't like to put words together, probably...
And when you remove the virus it says, "I'm scared, Dave."
My friends, we are fighting a war: a war on stupidity.
And clearly, we are losing.
Why does this remind me of the old SNL Landshark routine?
"The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."
That's why I Turing-test every single person I ever chat with on IM clients. Sure, no one really wants to talk to me after 30 questions, but I kinda like sitting in an empty chat room.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
...somebody added the virus to their buddy list. It would start chatting with itself. Download itself and then infect itself, thus committing suicide. A cunning ploy, I think, to rid the world of this problem.
I used to have a better sig but it broke.
Does this mean that September is almost over?
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
- lol no this is not a virus
So it will sound like almost every other meat-head out there using instant messaging? It will blend right in! I have received less comprehensible IMs from people who would consider it a mortal sin to be anything other than professional in person or on paper. Why does all respect for grammar and spelling (and not sounding like a 12 year old) go out the window when instant messaging technology is involved (especially in a business setting)?
I've gotten this from several people on my list in the past few days... it basically spams a message, usually the same one, every hour or so, with the same link. It just fakes the address, the real link is to: http://209.235.17.26/My_Christmas_Card.SCR
s card?my_christmas_card.scrs card?my_christmas_card.scr
(06:41:27) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greeting
This senders personal note: Merry Christmas!
(06:41:27) yyyy : Sorry, I ran out for a bit!
(08:42:59) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greeting
This senders personal note: Merry Christmas!
ELIZA type programs of various flavors have been around for decades, and ran on computers that were very slow / small by today's standards. Heck, an Eliza-style program, and even its LISP interpreter could fit in 64K, or easily on half a megabyte. And that is the runtime requirement. The code itself could easily be a minor addon to a modern day malware.
If you read some classic LISP texts, such as Norvig's book on AI using Common Lisp, or another book The Elements of Artificial Intelligence, and other classic texts, there are probably a lot of algorithms that could be used.
Turn the spread of the malware into some kind of gameplay problem and use AI algorithms to optimize the "gameplay" of the spread?
I'll see your senator, and I'll raise you two judges.
Anyone who played Quake2 must be familiar with ratbot. It would respond with "Yeah !!! I am a R A T B O T !!!!! ?? " or "Please help me !!! What is a bot ??" if someone's message included the text "ratbot". This worm reminds me of that... annoying, but in a really funny way.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
Viruses have been able to talk to you for a decade, man get with it.
"If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
'lol no this is not a virus.'
That is exactly what a virus would say. The response should be:
lol, yeah, I AM a virus!!!1!!
That would be unstoppable.
My house is safe. We switched my teenaged sister to a Mac, and the number of viruses entering the house quickly dropped to zero. No matter how many times I said "Don't click on the link you get in IMs...". Problem solved!
Join the Empire! http://www.empirereborn.net/
These are the same people who also don't know and don't care that they allowed music disks to install rootkits and backdoors on their computers.
The frightening thing is, that would probably be pretty easy to code. The net is full of freely-available pornographic stories; extract a whole bunch of phrases from those, use an Eliza-like system to select the right one for the circumstances and incorporate elements of what the user just said into your response...
You could write up a pretty effective cybersex bot, and you could program it to offer to send across 'cam pix' once in a while. Which would, of course, be virus-ridden.
Better yet, once you've written it you could have it communicate with sad lusers via SMS at, oh, 20p per message. And make a killing. Excuse me, I have an Eliza-bot to hack up with some pornography. bbl, d00dz.
Real Daleks don't climb stairs - they level the building.
"What happen?" "What !" "What You Say !!" "It's You !!" "HA HA HA HA ...."
That may be a clue to walk away at that point.
There are no loopholes. It's either legal or it's not.
Viruses are evolving
Seriously now, are viruses really evolving or is it just that the techniques used by virus writers are evolving? And my Inner Philosopher wants to know if there's a difference and if this has anything to do with Intelligent Design.
I better stop now.
"It's a wonderful idea. But it doesn't work." -- Tad Danielewski
Always interesting to see how virus technology evolves. But this... well just reminds me of a t-shirt note I saw somewhere... "Because there is no patch for human stupidity."
Some people just can not be educated.
Viruses are evolving; now they will even talk to you
Good! At least something will! The wife has been giving me the cold shoulder since the ... incident.
This post is not a troll
I metamoderate, therefore I am
Now you're just being mean..
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
I'm surprised these AIM worms haven't yet integrated with those award-winning AI bots used to fool other humans (e.g. Jabberwacky or ALICE).
Having said that, when I asked Jabberwacky "Is this a virus?" it said "Well, I hope so." Not very reassuring..
I remember the old days when you'd actually get a message from someone who was a human being. Haven't seen this AIM spam bit but there is one in ICQ which is pretty crude. Says hi then sends its link if you respond. Of course the bots have no info on themselves, have hidden IPs and are easy to spot as the bots they are. The people who create and unleash these things belong in the same jail with the email spammers.
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
and link the site... well, it would be unstoppable until the site crashed. But I'm sure someone would mirror the virus so it could keep rolling...
"Waste not one watt!" - CZ
Uhhhhhhhh...
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
It's called W32.Girlfriend.M and not only does it talk, it won't shut the hell up!
Your mother is not your girlfriend. And when she tells you to shave your beard, to stop eating so many Fritos, and to get a job, you should listen to her!
Cyric Zndovzny at your service.
A conversation I had with my littlest sister this morning:
...
missmag: http://myspace04.myphotos.cc/clarissa17.pif
missmag: lol thats cool
sheep.: what is cool? It's a pif, don't run those.
missmag: lol no its not its a virus
sheep.: holy crap, you're finally trying to follow in your brother's footsteps?
missmag: lol thats cool
sheep.: damn straight, I'll download it now. Let's see which of us can figure out what it does first. It'll be a game!
missmag: lol no its not its a virus
sheep.: uhhh.. I'm noticing that you're repeating yourself.
missmag: lol thats cool
sheep.: oh okay, I didn't know that's what kids were into now.
missmag: http://myspace04.myphotos.cc/clarissa17.pif
sheep.: yeah, I knew myspace was a big hit.
sheep.: back in my day it was BBSing, we used to trade porn for games and games for porn.
missmag: lol thats cool
sheep.: yeah, it got to be really popular community-wise, but I guess you all like myspace cause it's the new "hip" thing, right?
missmag: lol no its not, its a virus
sheep.: yeah I was thinking the same thing about livejournal
missmag: lol thats cool
sheep.: Okay now I'm certain there's something wrong, Maggie, are you there?
missmag: lol no its not, its a virus
sheep.:
"Viruses are evolving; now they will even talk to you."
Dear esteemed friend,
Allow me to introduce myself. I am Dr. Ebola and am employed by the Ugandan ministry of oil...
The computer will take over your computer, and then start selling off items in your house that it can see in your webcam on eBay, paid to its own PayPal account. After the money comes in, it will ditch your computer leaving you with a negative score on eBay.
In terminator we gave the computer the ability to control everything, but in the real world they'll just take it for themselves.
Note: The slashdot article says 'lol no this is not a virus.' The CNET article says "lol no its not its a virus".
Send the trillian crew an e-mail about it and/or upgrade to the latest bought version of trillian. The free version sux and the hacked versions concentrate on keeping the chat functionality, but tend to forget about extras. Trillian rules, I use it too :)
My friends, we are fighting a war: a war on humor.
And clearly, we have lost.
If this technique keeps on working after a while, virus writers will have effectively passed the Turing test. Though as predicted, the Turing test will end up saying more about itself (and us) than AI. Perhaps there should be a Turing Test++ that identifies AI as intelligence capable of distinguishing a human from a virus bot solely by communication over IM.
I don't understand why AOL doesn't simply apply anti-bot filters when this crap is discovered. No IM protocols in use today are peer-to-peer based, they are all server based (otherwise firewalls would have prevented IM from taking off amongst the Joe Sixpack crowd.)
These bots all have distinctive signatures, how hard could it possibly be to pinch them off at the server side? They could do other things, too, such as IM'ing the infected client from Admin to say "Busted, O virus-laden one. Please update your antivirus software and only then will we allow you back onto our servers."
Seems like an ounce of prevention to me ...
John
Hi, I'm a signature virus. Copy it into your sig to help me spread!
S7uP3D UZ3R: Did you mean to send this? Or is it a virus or something?
SMERT VIRI: lol no this is not a virus
S7uP3D UZ3R: Kewl! Thnx 4 the link!
Journalists!
"Why do you say I'm a virus?"
"How does thinking I'm a virus make you feel?"
"What do you mean by that?"
"Come, come. Elucidate your feelings."
Information wants to be anthropomorphized.
"We've lost thousands of men to this insidious weapon."
"Well why don't you just NOT pick it up?"
-goro-
I've been getting spam messages and some really bad bot messages on Yahoo! messenger for quite awhile. Most of them start out asking if you'd like to chat, then send you a link for their webcam site. Quite a few chat sites on the internet have become bot havens, with rooms filled with more bots than people trying to fish for people stupid enough to click on links. Also, on sites such as MySpace, there are bots that will create profiles that look real and then send messages out asking for people to visit and click on their homesite. I'm not terribly surprised that a worm found its way into AIM. Although it does rely on the same thing all the others do: gullibility.
This makes me think of the "Light Grenade" from "Mom and Dad Save the World". The most diabolical doomsday device ever invented; it has "pick me up" printed on the side!
I put on my robe and wizard hat.
Some people may be tempted to misinterpret this that there has been considerable progress in AI (artificial intelligence). Actually, however, this is more indicative of progress in NS (natural stupidity).
On NTFS formatted filesystems, you can use the ACL to default set it so that all files saved will not have the "Execute File" permission. You just deselect "Allow" for the line that says "Traverse Folder / Execute File" for the "CREATOR OWNER" entry and "Apply onto" "Files Only" for the scope and allow propagation down.
Or, you can go into your Group Policy Object (Local Computer or Domain) and by default in your Software Restrictions Policy disallow execution unless they were in areas of the file system you designate, I.E.: "Program Files" folder. And if I remember correctly, saved files from current versions of IM programs are saved in "My Documents" outside of the "Program Files" folder by default.
Yep. That's exactly the plan. Thanks for your comment.
Sincerely,
The US Government
The Turing test is turning out not to be a test of artificial intelligence, but of human stupidity.
Please post your banking information here. lol, this am not a phishing atempt!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Of course, spammers will compensate by padding emails with 98% Shakespeare
Well, at least you would have an interesting read in your inbox every day; maybe one could develop some sort of persistent distributed storage scheme involving spam
I'm still trying to figure out what people mean by 'social skills' here.
I wrote and maintain a free AIM / IM specific antivirus tool called AIMFix that removes these two worms in several variations. I've been working with this stuff since 2003 (AIMFix is used by dozens of Universities as part of official cleaning procedure and recommendations, see the users page for details). In particular, these two worms have been eating all of my free time for the last three or four days with several variants and some new behavior (installing as services only, rather than registry keys all over the place, etc). They're also hiding as Windows filenames, but in different directories, like C:\Windows\svchost.exe (instead of system32), C:\Windows\taskmgr.exe, etc.
It is so incredibly weird seeing these stories in the media. I've been so deep into researching them and writing updates to AIMFix to keep abreast of everything that it comes as a total surprise to see a media outlet cover them. I've gotten countless emails from people who got hit by these two worms, and I've become quite familiar with the symptoms over the past few days, yet at the same time I'm uniquely ignorant of the rest of the story (the AI aspect, etc) because I only end up dealing with the nitty gritty that happens on the symptoms and removal level. Go figure.
-Jay
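The two symptoms in the post above (worms installed as services, and copies named like Windows binaries but sitting in C:\Windows rather than system32) combine into a simple triage check over service command lines. This is an added example, not AIMFix code; the service names and command lines are constructed, and it assumes Windows lives in C:\Windows and that System32 and SysWOW64 are the only legitimate homes for the watched names.

```python
import re
from pathlib import PureWindowsPath

SYSTEM_ROOT = r"C:\Windows"  # assumed install location
TRUSTED_DIRS = {rf"{SYSTEM_ROOT}\{d}".lower() for d in ("System32", "SysWOW64")}
WATCHED_NAMES = {"svchost.exe", "taskmgr.exe"}  # the two names given in the post

def image_path(command_line):
    """Extract the executable path from a service or Run-key command line."""
    cmd = command_line.strip()
    # Expand the two environment variables commonly used in ImagePath values.
    # A lambda is used so the backslashes in SYSTEM_ROOT are taken literally.
    cmd = re.sub(r"%systemroot%|%windir%", lambda m: SYSTEM_ROOT, cmd, flags=re.I)
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]          # quoted path: take up to closing quote
    else:
        m = re.match(r".*?\.exe\b", cmd, flags=re.I)
        exe = m.group(0) if m else cmd.split(" ", 1)[0]
    return PureWindowsPath(exe)

def is_masquerading(command_line):
    """True when a watched system filename runs from outside its trusted dirs."""
    exe = image_path(command_line)
    return (exe.name.lower() in WATCHED_NAMES
            and str(exe.parent).lower() not in TRUSTED_DIRS)

def suspicious_services(services):
    """Return the sorted names of services whose binary fails the check."""
    return sorted(name for name, cmd in services.items() if is_masquerading(cmd))

# Constructed sample: service name -> ImagePath, as an inventory export might list it.
SERVICES = {
    "Schedule": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "WinUpd32": r"C:\Windows\svchost.exe",
    "TaskHelper": r'"C:\WINDOWS\taskmgr.exe" /background',
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
}

if __name__ == "__main__":
    print(suspicious_services(SERVICES))
```

Component-store copies under WinSxS would also be flagged by this check, so treat a hit as a prompt to inspect the file rather than as a verdict.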
Sure...and they could also put a big fat warning symbol next to urls that end in executables and tell people "this is a program!" before they download it.
;) But the honest truth is that they don't care unless they have to. When it comes to the scale of priorities, welfare of the users hardly even registers for AOL. What matters is revenue, and unless the virus(es) directly impact revenue, they could care less.
They could probably even set up filters to prevent blacklisted urls from even being transmitted. Hell, with AOL's money and power it's highly likely they could get most of the virus sites shut down much faster than you or I can.
But if there's one thing I've learned in the years I've been fighting the IM virus battle, it's that AOL doesn't do a damn thing until it's so huge that they *have* to do something, or the media gets involved enough to make it an issue. I deal with this crap every single day. I create definitions for new virus variants for my AIMFix software, answer hundreds of emails from (usually virus infected) users, and analyze various bits and pieces of the malware themselves. Hell, I've even tracked the authors down to their home address & phone in a couple of cases. It's not like AOL couldn't take care of all of this if they really wanted to. Hell, they could even just pay me to do it full time - I work cheap
It's often frustrating to me that a relatively minor investment on the part of AOL (and other parties, I might add) could make my life a lot less busy and make the life of a virus writer that much more difficult. It's hard to see dozens of people email me in one weekend because they had their passwords stolen and their account hijacked, or hear from thousands of frustrated and upset people whose computer is suddenly a mess of spyware and ads. I can't even imagine what it'd be like to have your screen name sending out IMs to all of your friends, infecting them with the very same unpleasantness while you sit there helpless. Sure, much of that can be attributed to the end user, but AOL sits in a position to help save a lot of these people from themselves and they just aren't interested.
-Jay
Somebody will chat with me!