Slashdot Mirror


Santa IM Worm Hits AOL, MSN and Yahoo

elmtree95 writes "CNET News reports A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer. The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file. IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue."

149 comments

  1. WTF? by ZiakII · · Score: 0, Offtopic

    harmless Santa Claus file.

    Whiskey Tango Foxtrot?

    1. Re:WTF? by User+956 · · Score: 3, Funny

      You've never heard of a .Claus file? You can open it with Stuffit Expander.

      (Yeah, I never have it installed, either)

      --
      The theory of relativity doesn't work right in Arkansas.
    2. Re:WTF? by TerminalInsanity · · Score: 1

      wtf for sure. who the hell downloads a file from some random person on the internet?
      and even then, you would have to be near brain dead to run it.

      what are these people thinking... i think mcafee/norton/etc should get together and make some basic '10 rules to avoid viruses' bs, maybe if we add an annoying jingle to it, these people might get it. WTF

    3. Re:WTF? by MntlChaos · · Score: 2, Informative

      except they're not random people. You'd think they were your friends.

  2. I bet it isn't as good as: by Anonymous Coward · · Score: 4, Funny

    "lol, it's not a virus."

  3. Presents by lord_sarpedon · · Score: 2, Funny

    Oh boy! A Bonzi Buddy! Just what I wanted. Thank you, Santa.

    --
    "Strangers have the best candy" -Me
  4. Gee, not even Santa Claus loves Mac users. by crovira · · Score: 2, Funny

    Gee, first post.

    As a Mac user I feel really lonely.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
    1. Re:Gee, not even Santa Claus loves Mac users. by Anonymous Coward · · Score: 0

      That's ok; you're still welcome with all your hipster friends.

      I still feel slightly sick from that link.

    2. Re:Gee, not even Santa Claus loves Mac users. by Cmdr_earthsnake · · Score: 1

      To be left out side alooone, it's cold out here - Anastacia I'm feeling lonely as well :(

      --
      #!/bin/bash
      login root
      chmod 775 universe://
    3. Re:Gee, not even Santa Claus loves Mac users. by Happy_Thorsday · · Score: 1

      Rock on Mac's! I haven't seen the effects of this worm, yet... Maybe it's because I use Y!IM replacements that Autoblock any posts containing websites... That's because I rock!

      --
      there are two things I don't like... Zeus and Your Mom...
  5. gotta love free advertising by Anonymous Coward · · Score: 5, Insightful

    elmtree95 writes.... IM security vendor ELMTree Software has released a patch to their ChatPatrol

    'nuff said

    1. Re:gotta love free advertising by BadassJesus · · Score: 2, Interesting

      "IM security vendor ELMTree Software has released a patch"

      ... and we all hope (in reverent silence) that they haven't released the Santa Claus worm itself also

    2. Re:gotta love free advertising by Anonymous Coward · · Score: 1, Insightful

      What makes you think it was free? It's hard to escape the conclusion that slashdot has been running paid slashvertisements for years, indeed some editors hardly seem to approve any other kind of story.

      In addition there are pagerank spammers like **BeatlesBeatles that appear so frequently despite user outcry that backhanders are again the only logical reason.

      Slashdot : Press releases for gullible nerds, stuff that makes us money

    3. Re:gotta love free advertising by Ilgaz · · Score: 1

      I have never seen such shameless product promotion to this date on slashdot.

      I suggest Slashdot to revoke that user account. I know it can't be deleted, just change suckers password.

  6. Dear Santa.w32... by Anonymous Coward · · Score: 5, Funny

    Please, please don't bring me any gifts. The bicycle you fired at me last year from your bicycle gun really tore up my insides.

    -- AIM user

    1. Re:Dear Santa.w32... by Synth3t1c · · Score: 0

      Dear Santa, Could you please give me a coffin for grandpa this christmas? The rocking chair you fired at him last year killed him, and now he's starting to smell. Something like that, meh 3 futurama. now come de-mod me, my kharmas low enough

    2. Re:Dear Santa.w32... by cellojoe · · Score: 1

      santa claus is gunning... you dowwwn! hehe... good stuff

    3. Re:Dear Santa.w32... by Anonymous Coward · · Score: 0

      That is a family guy quote.

    4. Re:Dear Santa.w32... by SirTalon42 · · Score: 1

      It is Futurama, not Family Guy. There is no robosanta in family guy.

  7. How does it work? by the_humeister · · Score: 3, Interesting

    Since the user has to click on a link, I assume the browser type matters?

    1. Re:How does it work? by setirw · · Score: 3, Informative

      Not necessarily. It could be linked to an EXE or PIF, which a naïve user would open. If the target ignores all browsers' warnings about harmful EXEs, in combination with Windows's hiding of file extensions... (somefile).jpg .exe is something I've seen many times. By the way: Does IE prompt that PIF/BAT files are potentially dangerous when downloading? How about VB scripts?

      --
      This message printed on 100% post-consumer recycled electrons.
    2. Re:How does it work? by thesnarky1 · · Score: 2, Informative

      If you remember the other big IM worm a few weeks (months?) ago, browser didn't matter. Just user stupidity. So, as I said then, tell your friends and family to NOT CLICK LINKS! Unless of course, whomever im'ed them can repeat a phrase, such as "I AM a bot, you stupid fool!!!" Security at its finest.

    3. Re:How does it work? by Anonymous Coward · · Score: 3, Informative

      It's a '.com' (like command.com) file being distributed. User clicks accept to start the file transfer. On completion, the IM client turns the filename into a clickable link which, if clicked, starts the malicious component.

    4. Re:How does it work? by LiquidCoooled · · Score: 1

      lol, it's not a virus...

      --
      liqbase :: faster than paper
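The replies in this thread describe two tricks: an executable type hidden behind a decoy ("(somefile).jpg .exe") and a '.com' program whose file name the IM client turns into a clickable link. As an added example (not code from any poster or from ChatPatrol), here is a Python check a transfer filter could run on each offered file name, generalized a little beyond the two cases named. The extension lists beyond those named in the thread, the `url-lookalike` heuristic and all sample names are assumptions made for illustration.

```python
import re

# File types Windows runs (or hands to a script host) on double-click.
# .com, .exe, .pif, .bat and VB scripts are named in the thread; the rest
# are assumptions added for this example.
EXECUTABLE_EXTS = {"com", "exe", "pif", "bat", "vbs", "cmd", "scr", "vbe", "js", "lnk"}

# Types a recipient reads as harmless content (assumed list, used to spot decoys).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3"}


def effective_name(offered):
    """Name as Windows will store it: no path, trailing dots/spaces dropped."""
    base = re.split(r"[\\/]", offered)[-1]
    return base.rstrip(". ")


def inspect_transfer(offered):
    """Return findings for one offered file name; an empty list means not flagged."""
    name = effective_name(offered)
    parts = name.split(".")
    if len(parts) < 2 or parts[-1].lower() not in EXECUTABLE_EXTS:
        return []
    findings = ["executable-extension:" + parts[-1].lower()]
    # "(somefile).jpg .exe": a harmless-looking type sits in front of the real
    # one, and with extensions hidden only the decoy is shown to the user.
    if len(parts) >= 3:
        decoy = parts[-2].strip().lower()
        if decoy in DECOY_EXTS:
            findings.append("decoy-extension:" + decoy)
    # Whitespace before the final dot pushes the real extension out of view.
    if re.search(r"\s\.[^.]+$", name):
        findings.append("whitespace-before-extension")
    # Assumption: a .com program named like a web host reads as a site address
    # once the IM client renders the received file name as a clickable link.
    if parts[-1].lower() == "com" and name.lower().startswith("www."):
        findings.append("url-lookalike")
    return findings


def should_block(offered):
    """True when the offered name has at least one finding."""
    return bool(inspect_transfer(offered))


# Constructed sample offers, not taken from the worm described in the story.
SAMPLE_OFFERS = [
    "santa.jpg",
    "santa.com",
    "santa.jpg .exe",
    "Santa.PIF.",
    "C:\\Downloads\\gift.vbs",
    "www.santa-gifts.com",
]

if __name__ == "__main__":
    for offer in SAMPLE_OFFERS:
        verdict = "BLOCK" if should_block(offer) else "allow"
        print(f"{verdict:5}  {offer!r}  {inspect_transfer(offer)}")
```
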
  8. Santa's Motives by setirw · · Score: 5, Funny

    better !pout !cry
    better watchout
    lpr why
    santa claus town
    cat /etc/passwd >list
    ncheck list
    ncheck list
    cat list | grep naughty >nogiftlist
    cat list | grep nice >giftlist
    santa claus town
    who | grep sleeping
    who | grep awake
    who | egrep 'bad|good'
    for (goodness sake) {
    be good
    }

    Dang, I guess he really meant the last three lines!!

    --
    This message printed on 100% post-consumer recycled electrons.
    1. Re:Santa's Motives by setirw · · Score: 2

      That should be:

      santa claus <north pole >town

      I forgot to submit it as plain text :(

      --
      This message printed on 100% post-consumer recycled electrons.
    2. Re:Santa's Motives by ErichTheWebGuy · · Score: 5, Funny
      Personally, I woulda said:
      mv /etc/northpole/santaclaus ~/town
      But that's just me :P
      --
      bash: rtfm: command not found
    3. Re:Santa's Motives by FidelCatsro · · Score: 1

      CD SantaClause/
      SantaClause/: No such file or directory
      rm -rf Christmas_hopes_and_Dreams/

      Sorry to break it to you like this kids

      --
      The only things certain in war are Propaganda and Death. You can never be sure which is which though
    4. Re:Santa's Motives by Hillgiant · · Score: 1
      That would be because Santa Claus has no 'e'. You would think people who rely on text based computing would have better spelling...

      Although, you do get double bonus points for reminding me of the amusing Three Stooges "Sanity Clause" skit.

      --
      -
    5. Re:Santa's Motives by FidelCatsro · · Score: 1

      it was a pun .. though the pun was rather weak i do admit

      --
      The only things certain in war are Propaganda and Death. You can never be sure which is which though
  9. Ho ho ho. by mctk · · Score: 2, Funny

    Harmless Santa Claus file? More like insubordinate Claus file.

    --
    Paul Grosfield - the quicker picker upper.
    1. Re:Ho ho ho. by HermanAB · · Score: 1

      Sad, no American Public School grad will catch that joke...

      --
      Oh well, what the hell...
    2. Re:Ho ho ho. by needacoolnickname · · Score: 1

      You were funny until your American grammar sucked.

      American (might be capital, but I graduated from one so I am not sure)

      public school

      We don't capitalize our public schools because they are not a proper noun unless we use the proper name for the school, but good shot!

      Try again next time.

  10. It's a /. story... by Trailer+Trash · · Score: 3, Insightful

    And an advertisement, all in one convenient package!

  11. No by alfrin · · Score: 0, Redundant

    lol, this is not a virus

  12. I'm usually a "Happy Holidays" person, but... by Caspian · · Score: 1

    HO HO HO! Merrrrrrrrrry Christmas!

    (Finally, a reason for me to say that!)

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:I'm usually a "Happy Holidays" person, but... by squallbsr · · Score: 1

      Or in Blue Collar Comedy Style:

      Lady of the Evening, Lady of the Evening, Lady of the Evening. Happy Non-specific celebration day.

      --
      Sleep: A completely inadequate substitution for Caffeine.
  13. User's fault again by Saven+Marek · · Score: 1, Flamebait

    Anyone who catches this is at fault.

    what happens is you get an IM message with a link. if you click it, it's your fault when it downloads.

    When it downloads it is still just nothing but a file on your disk. If you accidentally click it you have a chance not to run it. Second luck, if you like.

    If you then open that file and become infected, it is your own fault.

    It is like being warned two times not to put your tongue on a 110v wire chassis. If you still do it you have nobody else to blame.

    As they say, take the warnings off everything and let nature sort out the idiots.

    1. Re:User's fault again by mattmacf · · Score: 2, Informative
      taking the warnings off doesn't help when a worm installed across several thousand idiots starts DOSsing a site I'm trying to get to. licking a 110v wire shouldn't knock my power out.

      regardless, it looks like just another silly aim worm (albeit with a festive holiday flair).

      --
      I only mod funny =D
    2. Re:User's fault again by cheesy9999 · · Score: 1

      ...and that's why it's usually my girlfriend's sorority sisters who need help fixing these fucking things.

      --
      -tom
    3. Re:User's fault again by dvaldenaire · · Score: 0, Troll

      Plus, if you choose windows as your OS, you're fully responsible in the first place...

      --
      What does it mean, "appended to the end of comments you post"
    4. Re:User's fault again by BigDogCH · · Score: 2, Insightful

      I agree totally. Everyone in my family has been warned about not clicking on links in IM, and opening Email attachments, and .......................

      Yet they don't think it is their fault when they get a virus/worm/spyware.

      Unlike the ignorant Linux fanboys on /., I do not think it is their fault just for using Windows, but they need to be somewhat responsible. The sad part is, even after 10 years of Windows problems, I still have family that insist they don't need security updates, firewall, and the like.

    5. Re:User's fault again by Anonymous Coward · · Score: 0

      This is the reason I stopped supporting family PCs. It ended up weeding out the ones who refused to do security updates. They were SCARED of doing a security update when one was needed, yet they're not scared to click on a popup that tells them it'll INSTALL A FREE VIRUS CHECKER which is yet another worm. go figure. It's not just one member, it's multiple.

      My mother and father have a desktop and a laptop between them. My two sisters and three brothers all have PCs, one brother owns three and is a pseudo geek. I have cousins in the same town who all have PCs. Each and every single one called upon me when their computers start running like shit, and for a while I was happy to fix them.

      it got to the point where I didn't have a weekend free for two months because I was maintaining family PCs. I didn't get time with my son, I didn't get time with my wife, I spent all my fucking time in front of relatives' windows boxes fixing spyware for the millionth time. So I dropped it.

      Now most of them don't use computers because they're all "too slow" or "don't work". All through their own fault, and all because they utterly refuse to take my advice on not clicking crap. One cousin, Mark, I spent hours with him explaining how spyware and malware gets into his system. I explained spamming worms, and how they sent emails with files you click on that install, and he sounded genuinely interested in how it happens and how to prevent it.

      fifteen minutes after explaining this I watched him open OE (despite telling him NOT to) and check his email, then click on a link to Free Gaming Sites.

      ignorant fucks, every goddamned single one of them. I'm glad they don't use computers any more, they demonstrated they don't have a FUCKING CLUE HOW TO. if these people used the equivalent of their computer skills in driving they would be zipping along at 100mph in a 40 zone, they would use no headlights or indicators and they would ignore traffic lights, and then wonder why they kept getting t-boned in intersections, and never learn.

      GAH!

  14. Nice plug. by chundo · · Score: 0, Redundant
    elmtree95 writes...

    <snip>

    IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue.

    Nice. Nothing like free PR!
  15. Bad information by sloanster · · Score: 1, Insightful

    The article says that "it delivers unwanted software to a victim's computer"...

    Um, no. It delivers unwanted software only to hapless users of microsoft OSes. Those running OSX, Linux, BSD etc are completely unaffected.

    1. Re:Bad information by Anonymous Coward · · Score: 0

      What nutcases moderated this as informative? Next you'll be telling me I shouldn't download Windows XP binaries when I want to run them under Linux.

    2. Re:Bad information by Anonymous Coward · · Score: 0

      I know this may be some groundbreaking news to you, but Windows runs on a computer. It's not like they are saying "it delivers unwanted software to any computer that ever existed".

    3. Re:Bad information by Anonymous Coward · · Score: 0

      If this worm only affects users of Windows software, and they chose to open and execute the file, then they become the victim. So yes, it does deliver unwanted software to a victim's computer. If the user is running another OS, then they are not victims. Is it that hard to understand?

    4. Re:Bad information by gaspyy · · Score: 1

      Are you sure the "unwanted software" doesn't run with Wine?

      While technically you may be correct, you're still a troll for trying to bash Microsoft on this.

    5. Re:Bad information by Psykosys · · Score: 1, Redundant

      Because most people use Windows and it's therefore targeted to that platform. Seriously though, why does every new IM worm end up on /.? There's nothing remotely new about this, people have used far more clever names to package worms than "Santa" in the past, and the worm itself possesses absolutely no new features of interest.

    6. Re:Bad information by Burz · · Score: 1

      If this worm only affects users of Windows software, and they chose to open and execute the file, then they become the victim. So yes, it does deliver unwanted software to a victim's computer. If the user is running another OS, then they are not victims. Is it that hard to understand?

      Somewhat hard, yes. The slashdot summary does not mention Windows, so the rest of us have to dig for this vital detail. That makes the incident hard to understand as reported by slashdot because the editor didn't check story background.

      From the posting, how are we supposed to know about "only affects users of Windows software"?? Telepathy?

    7. Re:Bad information by Anonymous Coward · · Score: 0

      I think we can pretty much assume 'victim' means 'windoze user'.

    8. Re:Bad information by Anonymous Coward · · Score: 0

      Indeed...but what if I was running my linux through my screensaver?

  16. Okay, so I'm a Scrooge by davmoo · · Score: 0, Redundant

    With all the publicity that this sort of infection has gotten over the last two years, anyone stupid enough to click on the link deserves what they get. Merry farfing Christmas.

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
    1. Re:Okay, so I'm a Scrooge by Ninjy · · Score: 1

      Unfortunately for your analysis, people die, and new people are born every day. There's always new people using computers, uninformed of the risks, not knowing there -is- a risk. That's hardly their fault.

  17. What's next? by queenb**ch · · Score: 4, Funny

    Maybe we can push the Sony root kit out via IM to all of Sony's employees. Anyone know if they have a corporate IM server?

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
    1. Re:What's next? by Anonymous Coward · · Score: 0

      They don't.

      Though they do have a corporate IRC server.

  18. Technically You're Wrong by Afecks · · Score: 5, Insightful

    It delivers it to anyone... it only works on Windows.

    Sorry but if you want to nitpick, be prepared to receive the same.

    1. Re:Technically You're Wrong by techno-vampire · · Score: 1

      Not so. The main program only works under Windows, so it doesn't even download the files if you're using any other OS.

      --
      Good, inexpensive web hosting
    2. Re:Technically You're Wrong by EvanED · · Score: 1

      No, if you click on the link that's presented to you regardless of OS and download it, you'll have it. It doesn't need to run on your computer to IM you; in fact, that's the exact opposite of what would happen.

  19. Scammers and Spammers by TheUncleD · · Score: 1
    These tricks are a few of many that spammers and scammers are resorting to in order to install malware on people's computers. Santa Claus, how ironic seeing as it's the holiday season and people are susceptible.

    Microsoft provides this URL for users to immediately get rid of the latest Malware: Remove Malware

    1. Re:Scammers and Spammers by rodgster · · Score: 1

      or instead of being spoon fed by MS, you could...

      start--->run--->mrt---->ok

      --
      Who will guard the guards?
    2. Re:Scammers and Spammers by Secrity · · Score: 1

      Microsoft provides this URL for users to immediately get rid of the latest Malware: Remove Malware.

      I tried that link from somebody else's XP box; it didn't work, XP was still functioning after a reboot.

  20. ironic? by Afecks · · Score: 2, Funny

    how ironic seeing as it's the holiday season and people are susceptible

    I don't think that word means what you think it means...

    1. Re:ironic? by boxofjack · · Score: 1

      How ironic that you had to correct him.

  21. Watch out! by techno-vampire · · Score: 2, Funny

    Oh, you better watch out,
    You better not cry,
    You better not chat,
    I'm telling you why:
    Santa Worm is coming to town!

    --
    Good, inexpensive web hosting
  22. ChatPatrol by Anonymous Coward · · Score: 1, Interesting

    So... can I get the source to this blatant ripoff of gaim?

    Elmtree must be the stupidest company I've seen. They rip off gaim, and then write a post to slashdot: the place where the users are most likely to call them on their infringement!

    1. Re:ChatPatrol by Anonymous Coward · · Score: 4, Informative

      It's not even a ripoff of Gaim, it's just a lousy non-free, non-Free, Windows-only plugin for the commercial IM clients, being hawked using an account which is employed for that purpose only. elmtree95's one and only /. post.

      Does it install a clue for users silly enough to download and run executables being pushed by anonymous strangers?

      "IM security vendor." How pathetic.

      Editors, please don't put spam stories like this on the site. That's all it is.

    2. Re:ChatPatrol by PitaBred · · Score: 1, Flamebait

      Or perhaps you're simply stupid yourself, and unable to understand the brief verbiage on their site.
      That screenshot? That just shows that they work with Gaim. It's an IM security/encryption program that runs transparently basically as a proxy from what I can tell. They don't have an IM client themselves.
      Oh, wait... write first, comprehend later. I'm the first to get on someone ripping off open source, but this ain't one of those times, and all it would have taken was using your brain before you typed to figure that out.

    3. Re:ChatPatrol by khellendros1984 · · Score: 1

      You've got to admit, though....it's kinda goofy for them to show gaim on their front page, when there are already several very good encryption plugins for it already.

      --
      It is pitch black. You are likely to be eaten by a grue.
    4. Re:ChatPatrol by Anonymous Coward · · Score: 0

      You're right, my bad. I saw a crappy web page with a gaim screenshot and jumped to an incorrect conclusion.

    5. Re:ChatPatrol by Anonymous Coward · · Score: 0

      Technically, ChatPatrol is a packet interceptor that recognizes AOL, MSN, and Yahoo IM packets. Because the encryption is performed by the packet interceptor, below the application layer, it's theoretically compatible with any chat client for those networks. Gets around the hassle of conforming to 27 different plug-in APIs.

  23. Will it run under wine? by tibbst · · Score: 1

    Probably don't want no wino Santa at my house anyhow. I'll stuff my own stockings, thanks.

  24. Say it with me people by Billosaur · · Score: 1

    Don't click on links in strange IMs!!!

    Does anyone listen? No. You know who gets these things? Sad and lonely people, and at this time of year, they are especially vulnerable.

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:Say it with me people by Anonymous Coward · · Score: 0

      lol no its not a virus.

    2. Re:Say it with me people by MacDork · · Score: 1
      Don't click on links in strange IMs!!!

      That sounds an awful lot like "Don't open strange email attachments!!!" I do both and I have no problems. My secret?

      Keep a recent backup and use a more secure OS. (Thanks to that second bit, I've never needed the first.)
    3. Re:Say it with me people by Suddenly_Dead · · Score: 1

      You know, oddly enough, I have sent links to executables, and transferred executables to friends. I don't always provide a lengthy explanation as to what it is either. How can you really define "strange", especially to people who don't have a built-in scam detector?

    4. Re:Say it with me people by Anonymous Coward · · Score: 0
      I have sent links to executables, and transferred executables to friends. I don't always provide a lengthy explanation as to what it is either

      If you do not provide an explanation, they cannot know if your mail is trustworthy. People like you actually are helping the bad guys. People will never be able to see the difference between a legit mail from you, or a malicious message that contains a virus.

    5. Re:Say it with me people by HermanAB · · Score: 1

      Well, why the fsck should clicking on a something fsck your whole system?

      --
      Oh well, what the hell...
    6. Re:Say it with me people by Beale · · Score: 2, Insightful

      Yeah! And why should pressing down the accelerator in my car make me crash into stuff?

    7. Re:Say it with me people by HermanAB · · Score: 1

      You don't understand - on a Unix system (Solaris, MacIntosh, Linux etc.) running a malicious program will only affect that user. The other users and the system itself will still be fine. On MS systems, the whole friggen system blows up. That is just stupid.

      --
      Oh well, what the hell...
    8. Re:Say it with me people by Billosaur · · Score: 1

      Of course it's more secure; no one writes worms and viruses for Macs since there are so few of them.

      --
      GetOuttaMySpace - The Anti-Social Network
    9. Re:Say it with me people by sglane81 · · Score: 1

      running a malicious program will only affect that user. The other users and the system itself will still be fine.

      #include
      int main() {
            while (1) { fork(); }
            return 0;
      }

      affects everyone on pretty much all systems.

      --
      This is the Internet. You can say "fuck" here. - AC
    10. Re:Say it with me people by sglane81 · · Score: 1

      bah humbug

      #include <unistd.h>

      --
      This is the Internet. You can say "fuck" here. - AC
    11. Re:Say it with me people by MacDork · · Score: 1
      no one writes worms and viruses for Macs since there are so few of them.

      Just like no one writes worms and viruses for iPods because there are so few of them.

    12. Re:Say it with me people by Anonymous Coward · · Score: 0

      Except those that properly configure their system so that users can only spawn so many processes.

    13. Re:Say it with me people by HermanAB · · Score: 1

      Exhackitilly... It is possible to configure MS Windows to be pretty well behaved, with Admin and User rights, but then some often used applications won't work. Consequently, even a badly configured *nix system is still better in practise. One just has to think for a moment, why most routers and firewalls run Linux. Then think about the fact that the firewall doesn't have a firewall...

      --
      Oh well, what the hell...
  25. What about Google? by nnorwitz · · Score: 1

    I can't believe there's an article on /. that mentions Yahoo, MSN, and AOL, but not Google. They must feel so left out.

    Did someone finally impose a Google limit on /.?

    1. Re:What about Google? by Mr.+Freeman · · Score: 1

      It probably doesn't use Google talk to "spread".

      --
      -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
    2. Re:What about Google? by HermanAB · · Score: 1

      When 95% speaks, 5% listens.

      --
      Oh well, what the hell...
  26. Human stupidity strikes again by Mr.+Freeman · · Score: 1

    He who does not have anti-virus software nor the common sense not to click on the link nor the common sense not to run the file deserves what's coming to them.

    This really isn't any different from the morons who message random people telling them to download sub 7.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
  27. Santa has less love for Linux users... by cloricus · · Score: 4, Funny

    You guys are the lucky ones as you can just ignore this lump of coal. Us poor Linux users will be up all Christmas night hacking away at wine to get this worm emulated so we don't feel left out.

    Convincing the Windows crowd that we are compatible is such a pain... :(

    --
    I ate your fish.
    1. Re:Santa has less love for Linux users... by Anonymous Coward · · Score: 0

      After being hacked recently, I'm convinced that Linux users have it worse for a few reasons. A) Windows exploits are relatively easy to foil...a decent HW firewall should stop 99% of anything and B and C go together, being that B) Someone exploiting a linux box is prolly a step above the average script kiddie and C) because of that, they prolly want more than just a ddos zombie or somesuch - they prolly are using you as a base to hack from - leaving you vulnerable to legal repercussions.

      That said............I feel fairly confident that if you aren't running servers you should be pretty much OK but who knows. I was behind a firewall with few publicly accessible ports. I have a feeling they may have gained entrance through a shady package install.

    2. Re:Santa has less love for Linux users... by Crayon+Kid · · Score: 1

      You guys are the lucky ones as you can just ignore this lump of coal.

      C.a.r.b.o.n. It's called Carbon.

      --
      i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
    3. Re:Santa has less love for Linux users... by daliman · · Score: 1

      a) should cover you for linux as well, unless there's a vulnerability in iptables. Or unless you're a muppet who left yourself and run foolish servers - like the normal windows crowd.

    4. Re:Santa has less love for Linux users... by Burz · · Score: 1

      I wouldn't say we're quite so lucky.

      The article is reporting what is actually a WINDOWS VIRUS without actually mentioning this vital background detail. According to the posting, it's an "IM" problem. Heh.

      The drawback is that us Mac/Lunix users have to click on the link anyway to check that it doesn't affect our platform -- just in case. Another drawback is that Microsoft gets away with not having their product explicitly associated with the virus.

      Having this kind of gloss-over slip through has become typical at Slashdot.

      I've said this all before and been modded-down for it. No doubt, I'll be cravenly modded-down again...

    5. Re:Santa has less love for Linux users... by Anonymous Coward · · Score: 0

      Are you saying that Mac or Linux doesn't allow the user to willfully and manually download and install a program? Which is what this is, with several manual steps and some simple social engineering. Or is it just that this particular executable isn't targeted at the 4+4% of the users, since that would somewhat limit the spread?

    6. Re:Santa has less love for Linux users... by KURAAKU+Deibiddo · · Score: 1

      If the virus is Carbon, does that mean that Mac users aren't left out, after all?

    7. Re:Santa has less love for Linux users... by mibus · · Score: 1

      C.a.r.b.o.n. It's called Carbon.

      I'd much rather Cocoa.

    8. Re:Santa has less love for Linux users... by Spudds · · Score: 1

      Dude you SO owe me a coffee for that one!

          And a towel for my monitor. :)
          Man... I've even got mod points but you're already +5!

    9. Re:Santa has less love for Linux users... by Zardus · · Score: 1

      hacking away at wine to get this worm emulated

      Wine Is Not an Emulator!!!

      --
      You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
  28. It can't just be me.... by ShyGuy91284 · · Score: 3, Funny

    The thought crossed my mind that the "delivers unwanted software" hyperlink would be a hotlink to the virus. I know if I were sadistic enough I would have done it in samzenpus's place.....

    --
    In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
  29. working link by Anonymous Coward · · Score: 0
    1. Re:working link by Anonymous Coward · · Score: 0

      This isn't all that working either, ya know

  30. Oh no by rolypolyman · · Score: 1

    This doesn't bode well. I think AOLers are just now getting up to speed on the "good times" virus.

  31. How much does a story like this cost? by trance9 · · Score: 4, Insightful

    So is slashdot running paid stories now? How much do I have to pay to have a story of my choice run and mention my company like this?

    1. Re:How much does a story like this cost? by detlev409 · · Score: 2, Interesting
      Agreed. I call shenanigans. Check out Elmtree's profile. This account was created with the express purpose of promoting the ChatPatrol product.

      This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

      --
      Howdy.
    2. Re:How much does a story like this cost? by detlev409 · · Score: 4, Informative
      Agreed. I call shenanigans. Check out Elmtree's profile. This account was created with the express purpose of promoting the ChatPatrol product.

      This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

      --
      Howdy.
    3. Re:How much does a story like this cost? by Anonymous Coward · · Score: 0

      Damn, this Skyy vodka must be really good. I could have sworn I just saw the exact same post a bit ago!!!

    4. Re:How much does a story like this cost? by chris_eineke · · Score: 1

      I, as an anarchocapitalist, fully support our free-market worshipping, slashvertisement posting corporate overlords.

      --
      "All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
    5. Re:How much does a story like this cost? by darkmeridian · · Score: 1

      I don't think they tried too hard to hide their association. The company was called Elmtree and their Slashdot ID was elmtree95. Still, I wonder if anyone was paid because it was so blatant.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    6. Re:How much does a story like this cost? by detlev409 · · Score: 1

      I don't dispute the obvious nature of the con. On the contrary, I find it a tad offensive. Does this Elmtree really believe we're that desperate/gullible?

      I doubt it. My guess is somebody didn't do their homework on what goes on in the slashdot forums, but thought they'd get cute with an attempt at self-starting viral marketing anyway.

      If this turned out to involve actual slash-payola, I'll be leaving, with no goodbyes or regrets. I can live with sloppy editing and a linux bias, because slashdot still brings me stories I wouldn't see otherwise. I do not, however, come here for prepackaged news stories. I have major media outlets for that sort of mind-rot.

      --
      Howdy.
    7. Re:How much does a story like this cost? by detlev409 · · Score: 1

      triggerhappy :)

      --
      Howdy.
  32. We don't have to be alone... by Khabok · · Score: 1

    We can have that warm, fuzzy malicious app feeling too... just download IE for Mac!

    1. Re:We don't have to be alone... by rts008 · · Score: 1

      No BS intended here... does that compromise MAC OS? Seriously, asking to know. (disclaimer: my only MAC/APPLE experience was dusting off some older Apple II's as a custodian in a local Jr. High school- really!) I understand the attacks to IE are serious to any Windows user due to IE being part of the OS (STUPID!!!), but does this threat carry over to IE ported to a MAC OS?

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
    2. Re:We don't have to be alone... by Khabok · · Score: 1

      Well... it does and it doesn't. IE is inherently less secure because it allows for the nasty buffer-overflows and assorted scripts to run. Once the system has malicious code running within userspace, anything can happen. For instance, users running 10.3.6 or earlier are in imminent danger of having their passwords stolen, since you can have UNIX dump the hashes from any privclass.

      However: the fact still remains that attacks from within the system are much more difficult and less likely to succeed on a Mac, and more importantly the number of Mac users is still so low that virus authors very rarely bother to code for Mac systems. Even through FireFox 1.5 my computer has a few tracking cookies and little bits of spyware, but none of it is ever running or causing trouble because it's designed for Windows.

      But where does this leave us? The best protection for Mac is the relatively small number of them running. When Mac gets large enough (and numbers are increasing) then we'll start seeing malicious code for Macs, in which case the particular decrepitude of Internet Explorer is just a big, open door. Mac may well be more secure than Windows for the rest of eternity, but that's no reason to throw caution to the winds.

  33. Ding Dong... by everithe · · Score: 0

    MERRY CHRISTMAS!

  34. santa by Anonymous Coward · · Score: 0

    it's the damn .com windows extension.. people think it's a website executable!

    your mom's santa clause.. ho ho ho ;)

  35. IM Logic withholds details of Santa Claus worm, un by themepsp · · Score: 2, Interesting

    Please read this post regarding IM Logic: http://security-protocols.com/modules.php?name=News&file=article&sid=3135

    "If you have been looking for more details on the IM.GiftCom.All threat, you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer.

    IM Logic withholds details of Santa Claus worm, unless you're a customer

    On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients. See advisory for details, or lack thereof. You will need to search for IM.GiftCom.All at http://www.imlogic.com/im_threat_center/index.asp

    If you have been looking for more details on the IM.GiftCom.All threat you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer.

    IM Logic did not publicly release any actionable information that would help the community at large. Not because they don't have the details, but because they only share that with paying customers, according to Tim Johnson, the Director of IM Logic's threat center. Mr. Johnson also said that "this is not unethical" and he doesn't see what all the fuss is about. All you have to do is buy the company's product and you will be protected.

    Johnson did mention that they have a process they follow. They first create the signatures for their products, and then they notify all the affected vendors. Don't worry; the vendors will fix it ASAP. Then they tell the antivirus vendors about what they know. Hopefully they can detect and stop any current infections, if not...you're screwed. Then you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can tell if a hacker has a rootkit loaded in your environment.

    Oh wait, darn it, I almost forgot, according to the official advisory, antivirus vendors can't detect Santa Claus; apparently Santa can put your antivirus to sleep. I always thought Santa knew if you were sleeping, not able to put you to sleep; but I digress.

    So what is the world and security community supposed to do? Well according to IM Logic, pay them the money and they will take care of it for you. Hmm, I wonder where else we find this type of behavior. Hold on guys, Toni the Bull is at my back door, brb, need 2 make my "insurance payment" AFK....

    Back, sorry it took so long. I just hurt my knee; I was short on my "insurance payment" this month. Anyway, haven't we been down this road before? Security companies should follow the same procedures that ethical and responsible researchers follow when disclosing vulnerabilities. Most companies are responsible, those that aren't... should we reward them by purchase order? Not this security guy."

  36. late comers... by Chaffar · · Score: 1
    The Santa worm is the latest tactic to be used on IM networks. Past tricks have included offers of movie clips to the latest release of "Star Wars" that instead led to an infected computer.

    Yes that should definitely fool the 3 people who still haven't watched the movie into clicking on the link...

    [Friend_1] Hey d0od check out this clip of the latest Star Wars...
    [Friend_2] No thx just send me the .torrent...
    1. Re:late comers... by Anonymous Coward · · Score: 0

      thanks for the heads up, i wonder who the other 2 are, we have to warn them

  37. If you are dumb enough to fall for this by anotherlogan · · Score: 1

    They must already have your paypal account info, your Bank of America info, and your social. The words, "your account has been restricted," = we're fishing for your info. Seriously, since the days of Prodigy, people have been trying to steal your info. If you are dumb enough to fall for this, you deserve it. And my email account is still through AOL. I just saw a commercial that AOL supposedly protects against this crime. Why do I get 10 emails a day that my account has been restricted? Because I allow Slashdot to post it, that's why.

  38. Goes without saying by Trejkaz · · Score: 1

    "A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users..."

    Which would be about as hard as falling off a bucket.

    --
    Karma: It's all a bunch of tree-huggin' hippy crap!
  39. Someone will do it by ThePengwin · · Score: 1

    Believe me. People WILL click the link. They always do.
    There always is one stupid person who starts it all.

    I call for a "You Must be this smart to use the internet" Logo whenever you use the internet! :P

    and on that note, cue the jingles....

  40. A duplicate already?? by PowerBert · · Score: 0

    This linux screensaver virus was only posted a little while ago.

    It just gets worse and worse *g*

    Silent delivery of Linux to the desktop, I think it's the way forward!

    PS. No I didn't RTFA

  41. I guess i'll be getting coal in my stocking... by Anonymous Coward · · Score: 0

    I use Gaim.

  42. ask first! by deckert_za · · Score: 1

    Man, these people are so dumb. I asked first if it was a virus and my friend told me "lol, no its not a virus" and I just *knew* I was safe. Always ask first! ;-)

  43. like the firefox headlines by Anonymous Coward · · Score: 0

    like when firefox in the windows version has an exploit, and it's nowhere in the article, just "firefox". I've seen that more than once here. I think all these exploits should always be classified as a windows problem first in the title, if that is what it is. Add the sub problem in second place, "new windows vulnerability hits instant messaging systems" would be a more accurate title for the article.

    1. Re:like the firefox headlines by Burz · · Score: 1

      like when firefox in the windows version has an exploit, and it's nowhere in the article, just "firefox". I've seen that more than once here. I think all these exploits should always be classified as a windows problem first in the title, if that is what it is. Add the sub problem in second place, "new windows vulnerability hits instant messaging systems" would be a more accurate title for the article.

      I agree!

  44. yeah, WTF? by commodoresloat · · Score: 1

    Everyone knows there is no such thing as a harmless Santa Claus file.

  45. Don't you worry by commodoresloat · · Score: 1

    The Group of the Martyr Ebenezer Scrooge will soon have its revenge on this infidel.

  46. Dear Elmtree95 by Ilgaz · · Score: 1

    There are legit ways to advertise on slashdot.

    Check http://www.ostg.com/

    It will also prevent hundreds of security professionals, system admins reading slashdot to hunt you down if you coded the lame worm or not.

    I know you can call it paranoia but submitting a worm story to slashdot promoting your product can make people wonder how far you would go.

    Also people concerned about that worm: Update your virus databases and get latest security patches for your OS and IM Application.

  47. Seems like a worm to me by Anonymous Coward · · Score: 0
  48. Not a problem... by Anonymous Coward · · Score: 0

    Gaim. Ubuntu. Merry Christmas!

  49. North Pole by nephridium · · Score: 1
    I always wondered - if Santa lives at the north pole why doesn't he look like an Eskimo?

    How does he survive there wearing red clothes? Potential prey would spot him from miles away.

    And now this worm thing..

    I don't know - there are just so many things that just don't seem right with this fellow.. - But not to worry: thanks to Bush there shouldn't be a problem finding what this guy is up to.

    --


    And when you gaze long enough into the code, the code will also gaze into you.
  50. It's a ZDNet story... by twitter · · Score: 0
    an advertisement, all in one convenient package!

    Welcome to the wonderful world of Wintel Rags. Oh wait, the ZDNet story was a little different. They pointed to AOL, Yahoo, MSN and IMLogic but failed to provide anything to help with the problem created by Microsoft's pathetic security model.

    It's a story worth reading for all of the similar worms that go unreported. The article mentions worms that display Santa and Star Wars clips as if they came from your friends on IM networks and infect your Microsoft (TM) encumbered computer. How many other WMV, you know that silly video format with an exe bite, worms are there that have not been reported as well?

    Ho, Ho, Ho, Merry Christmas to all!

    --

    Friends don't help friends install M$ junk.

  51. Virus Definitions by Anonymous Coward · · Score: 0

    "Update your virus databases and get latest security patches for your OS and IM Application."

    Hmmm... Symantec hasn't got the message yet....

    Kinda hard to roll out what isn't there.

  52. If they don't do it, the terrorists will! by Transdimentia · · Score: 1

    At least they are being responsible and tracking terrorists who use the product...

    "you must file a special license if you intend to reroute goods to the embargoed regions of Serbia or the Taliban controlled areas of Afghanistan"

  53. free? by Anonymous Coward · · Score: 0

    Why do you think this was a free advertisement?

  54. Bad Reporting by towsonu2003 · · Score: 1
    What kind of a news article is this?
    Once the user clicks on the link, malicious code is installed and runs on the computer.
    What is the link (an example)? What kind of file is it? Is it exploiting any holes in any specific software? Which operating system does this work in? What are the symptoms, if any at all? And what the hell does it do other than spread itself around? What backdoors does it open on the host?

    ZDNET needs to do research (also called "journalism") before reporting sensational news...

  55. Fix for this AIM virus by MCron · · Score: 1

    If you're an AIM user and went and got this virus, AIMFix from jayloden.com should take care of it for you.

    While you're at it, try reporting the link you downloaded the virus from so it can stop being distributed. Remember, e-mail viruses include infected attachments, while IM viruses just link off to a website creating a single point of failure.

    --
    Send offline messages on AIM with DoorManBot
  56. Not to be left out... by bradleyland · · Score: 1

    I have Virtual PC running on my Mac for this express purpose!

  57. yes but... by Kildjean · · Score: 1

    thank god im on a mac...

    --
    Nom de dieu de putain de bordel de merde de saloperie de connard d encule de ta mere.