Slashdot Mirror


Santa IM Worm Hits AOL, MSN and Yahoo

elmtree95 writes "CNET News reports A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer. The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file. IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue."

  1. I bet it isn't as good as: by Anonymous Coward · · Score: 4, Funny

    "lol, it's not a virus."

  2. Presents by lord_sarpedon · · Score: 2, Funny

    Oh boy! A Bonzi Buddy! Just what I wanted. Thank you, Santa.

    --
    "Strangers have the best candy" -Me
  3. Gee, not even Santa Claus loves Mac users. by crovira · · Score: 2, Funny

    Gee, first post.

    As a Mac user I feel really lonely.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
    1. Re:Gee, not even Santa Claus loves Mac users. by Cmdr_earthsnake · · Score: 1

      To be left out side alooone, it's cold out here - Anastacia I'm feeling lonely as well :(

      --
      #!/bin/bash
      login root
      chmod 775 universe://
    2. Re:Gee, not even Santa Claus loves Mac users. by Happy_Thorsday · · Score: 1

      Rock on Mac's! I haven't seen the effects of this worm, yet... Maybe it's because I use Y!IM replacements that Autoblock any posts containing websites... That's because I rock!

      --
      there are two things I don't like... Zeus and Your Mom...
  4. gotta love free advertising by Anonymous Coward · · Score: 5, Insightful

    elmtree95 writes.... IM security vendor ELMTree Software has released a patch to their ChatPatrol

    'nuff said

    1. Re:gotta love free advertising by BadassJesus · · Score: 2, Interesting

      "IM security vendor ELMTree Software has released a patch"

      ... and we all hope (in reverend silence) that they haven't released the Santa Claus worm itself also

    2. Re:gotta love free advertising by Anonymous Coward · · Score: 1, Insightful

      What makes you think it was free? It's hard to escape the conclusion that slashdot has been running paid slashvertisements for years, indeed some editors hardly seem to approve any other kind of story.

      In addition there are pagerank spammers like **BeatlesBeatles that appear so frequently despite user outcry that backhanders are again the only logical reason.

      Slashdot : Press releases for gullible nerds, stuff that makes us money

    3. Re:gotta love free advertising by Ilgaz · · Score: 1

      I have never seen such shameless product promotion to this date on slashdot.

      I suggest Slashdot to revoke that user account. I know it can't be deleted, just change sucker's password.

  5. Dear Santa.w32... by Anonymous Coward · · Score: 5, Funny

    Please, please don't bring me any gifts. The bicycle you fired at me last year from your bicycle gun really tore up my insides.

    -- AIM user

    1. Re:Dear Santa.w32... by cellojoe · · Score: 1

      santa claus is gunning... you dowwwn! hehe... good stuff

    2. Re:Dear Santa.w32... by SirTalon42 · · Score: 1

      It is Futurama, not Family Guy. There is no robosanta in family guy.

  6. How does it work? by the_humeister · · Score: 3, Interesting

    Since the user has to click on a link, I assume the browser type matters?

    1. Re:How does it work? by setirw · · Score: 3, Informative

      Not necessarily. It could be linked to an EXE or PIF, which a naïve user would open. If the target ignores all browsers' warnings about harmful EXEs, in combination with Windows's hiding of file extensions... (somefile).jpg .exe is something I've seen many times. By the way: Does IE prompt that PIF/BAT files are potentially dangerous when downloading? How about VB scripts?

      --
      This message printed on 100% post-consumer recycled electrons.
    2. Re:How does it work? by thesnarky1 · · Score: 2, Informative

      If you remember the other big IM worm a few weeks (months?) ago, browser didn't matter. Just user stupidity. So, as I said then, tell your friends and family to NOT CLICK LINKS! Unless of course, whomever im'ed them can repeat a phrase, such as "I AM a bot, you stupid fool!!!" Security at its finest.

    3. Re:How does it work? by Anonymous Coward · · Score: 3, Informative

      It's a '.com' (like command.com) file being distributed. User clicks accept to start the file transfer. On completion, the IM client turns the filename into a clickable link which, if clicked, starts the malicious component.
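
The file-name tricks described in the replies above (a decoy extension padded away from the real `.exe`, PIF/BAT/VBS payloads, and a `.com` file whose name an IM client renders as a link), as an added example that is not part of the original thread: a Python check that a transfer-filtering tool could run on offered file names. The function names, extension lists and sample names are assumptions constructed for illustration, and the trailing dot/space handling goes beyond what the comments mention.

```python
import re

# Extensions Windows runs or interprets on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".bat", ".cmd", ".scr",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk"}
# Extensions a recipient reads as "just a picture or document".
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt",
              ".doc", ".pdf", ".mp3", ".avi", ".mpg", ".zip"}
# A whole file name shaped like a host name: chat clients tend to auto-link these.
HOSTNAME_RE = re.compile(r"^(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.com$", re.I)


def split_ext(name):
    """Return (stem, lowercased extension with its dot), or (name, '') if none."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def screen_filename(offered_name):
    """Return a sorted list of reasons an offered file name is risky."""
    findings = set()
    # The sender controls the whole string; keep only the last path component.
    name = re.split(r"[\\/]", offered_name)[-1]
    # Windows drops trailing dots and spaces when it creates the file,
    # so "x.pif. " lands on disk as "x.pif".
    effective = name.rstrip(" .")
    if effective != name:
        findings.add("trailing-dots-or-spaces")

    stem, ext = split_ext(effective)
    if ext not in EXECUTABLE_EXTS:
        return sorted(findings)
    findings.add("executable-extension")

    # Padding pushes the real extension out of view in a narrow dialog.
    if stem != stem.rstrip():
        findings.add("whitespace-padding")
    # A harmless-looking extension just before the real one.
    _, inner_ext = split_ext(stem.rstrip())
    if inner_ext in DECOY_EXTS:
        findings.add("double-extension")
    # A DOS .com program whose name reads as a web address.
    if ext == ".com" and HOSTNAME_RE.match(effective):
        findings.add("looks-like-hyperlink")
    return sorted(findings)


def screen_offers(offered_names):
    """Map each flagged name to its findings; clean names are omitted."""
    flagged = {}
    for offered in offered_names:
        findings = screen_filename(offered)
        if findings:
            flagged[offered] = findings
    return flagged


# Constructed sample transfer offers (not taken from the worm itself).
SAMPLE_OFFERS = [
    "holiday_photo.jpg",
    "(somefile).jpg          .exe",
    "www.example.com",
    "C:\\Downloads\\card.gif.pif. ",
    "setup.exe",
]

if __name__ == "__main__":
    for offered, findings in screen_offers(SAMPLE_OFFERS).items():
        print(repr(offered), "->", ", ".join(findings))
```
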

    4. Re:How does it work? by LiquidCoooled · · Score: 1

      lol, it's not a virus...

      --
      liqbase :: faster than paper
  7. Santa's Motives by setirw · · Score: 5, Funny

    better !pout !cry
    better watchout
    lpr why
    santa claus town
    cat /etc/passwd >list
    ncheck list
    ncheck list
    cat list | grep naughty >nogiftlist
    cat list | grep nice >giftlist
    santa claus town
    who | grep sleeping
    who | grep awake
    who | egrep 'bad|good'
    for (goodness sake) {
    be good
    }

    Dang, I guess he really meant the last three lines!!

    --
    This message printed on 100% post-consumer recycled electrons.
    1. Re:Santa's Motives by setirw · · Score: 2

      That should be:

      santa claus <north pole >town

      I forgot to submit it as plain text :(

      --
      This message printed on 100% post-consumer recycled electrons.
    2. Re:Santa's Motives by ErichTheWebGuy · · Score: 5, Funny
      Personally, I woulda said:
      mv /etc/northpole/santaclaus ~/town
      But that's just me :P
      --
      bash: rtfm: command not found
    3. Re:Santa's Motives by FidelCatsro · · Score: 1

      CD SantaClause/
      SantaClause/: No such file or directory
      rm -rf Christmas_hopes_and_Dreams/

      Sorry to break it to you like this kids

      --
      The only things certain in war are Propaganda and Death. You can never be sure which is which though
    4. Re:Santa's Motives by Hillgiant · · Score: 1
      That would be because Santa Claus has no 'e'. You would think people who rely on text based computing would have better spelling...

      Although, you do get double bonus points for reminding me of the amusing Three Stooges "Sanity Clause" skit.

      --
      -
    5. Re:Santa's Motives by FidelCatsro · · Score: 1

      it was a pun .. though the pun was rather weak i do admit

      --
      The only things certain in war are Propaganda and Death. You can never be sure which is which though
  8. Ho ho ho. by mctk · · Score: 2, Funny

    Harmless Santa Claus file? More like insubordinate Claus file.

    --
    Paul Grosfield - the quicker picker upper.
    1. Re:Ho ho ho. by HermanAB · · Score: 1

      Sad, no American Public School grad will catch that joke...

      --
      Oh well, what the hell...
    2. Re:Ho ho ho. by needacoolnickname · · Score: 1

      You were funny until your American grammar sucked.

      American (might be capital, but I graduated from one so I am not sure)

      public school

      We don't capitalize our public schools because they are not a proper noun unless we use the proper name for the school, but good shot!

      Try again next time.

  9. It's a /. story... by Trailer+Trash · · Score: 3, Insightful

    And an advertisement, all in one convenient package!

  10. I'm usually a "Happy Holidays" person, but... by Caspian · · Score: 1

    HO HO HO! Merrrrrrrrrry Christmas!

    (Finally, a reason for me to say that!)

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:I'm usually a "Happy Holidays" person, but... by squallbsr · · Score: 1

      Or in Blue Collar Comedy Style:

      Lady of the Evening, Lady of the Evening, Lady of the Evening. Happy Non-specific celebration day.

      --
      Sleep: A completely inadequate substitution for Caffeine.
  11. User's fault again by Saven+Marek · · Score: 1, Flamebait

    Anyone who catches this is at fault.

    what happens is you get an IM message with a link. if you click it, it's your fault when it downloads.

    When it downloads it is still just nothing but a file on your disk. If you accidentally click it you have a chance not to run it. Second luck, if you like.

    If you then open that file and become infected, it is your own fault.

    It is like being warned two times not to put your tongue on a 110v wire chasss. If you still do it you have nobody else to blame.

    As they say, take the warnings off everything and let nature sort out the idiots.

    1. Re:User's fault again by mattmacf · · Score: 2, Informative
      taking the warnings off doesnt help when a worm installed across several thousand idiots starts DOSsing a site im trying to get to. licking a 110v wire shouldnt knock my power out.

      regardless, it looks like just another silly aim worm (albeit with a festive holiday flair).

      --
      I only mod funny =D
    2. Re:User's fault again by cheesy9999 · · Score: 1

      ...and that's why it's usually my girlfriend's sorority sisters who need help fixing these fucking things.

      --
      -tom
    3. Re:User's fault again by BigDogCH · · Score: 2, Insightful

      I agree totally. Everyone in my family has been warned about not clicking on links in IM, and opening Email attachments, and .......................

      Yet they don't think it is their fault when they get a virus/worm/spyware.

      Unlike the ignorant Linux fanboys on /., I do not think it is their fault just for using Windows, but they need to be somewhat responsible. The sad part is, even after 10 years of Windows problems, I still have family that insist they don't need security updates, firewall, and the like.

  12. Bad information by sloanster · · Score: 1, Insightful

    The article says that "it delivers unwanted software to a victim's computer"...

    Um, no. It delivers unwanted software only to hapless users of microsoft OSes. Those running OSX, Linux, BSD etc are completely unaffected.

    1. Re:Bad information by gaspyy · · Score: 1

      Are you sure the "unwanted software" doesn't run with Wine?

      While technically you may be correct, you're still a troll for trying to bash Microsoft on this.

    2. Re:Bad information by Psykosys · · Score: 1, Redundant

      Because most people use Windows and it's therefore targeted to that platform. Seriously though, why does every new IM worm end up on /.? There's nothing remotely new about this, people have used far more clever names to package worms than "Santa" in the past, and the worm itself possesses absolutely no new features of interest.

    3. Re:Bad information by Burz · · Score: 1

      If this worm only affects users of Windows software, and they chose to open and execute the file, then they become the victim. So yes, it does deliver unwanted software to a victim's computer. If the user is running another OS, then they are not victims. Is it that hard to understand?

      Somewhat hard, yes. The slashdot summary does not mention Windows, so the rest of us have to dig for this vital detail. That makes the incident hard to understand as reported by slashdot because the editor didn't check story background.

      From the posting, how are we supposed to know about "only affects users of Windows software"?? Telepathy?

  13. What's next? by queenb**ch · · Score: 4, Funny

    Maybe we can push the Sony root kit out via IM to all of Sony's employees. Anyone know if they have a corporate IM server?

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
  14. Technically You're Wrong by Afecks · · Score: 5, Insightful

    It delivers it to anyone... it only works on Windows.

    Sorry but if you want to nitpick, be prepared to receive the same.

    1. Re:Technically You're Wrong by techno-vampire · · Score: 1

      Not so. The main program only works under Windows, so it doesn't even download the files if you're using any other OS.

      --
      Good, inexpensive web hosting
    2. Re:Technically You're Wrong by EvanED · · Score: 1

      No, if you click on the link that's presented to you regardless of OS and download it, you'll have it. It doesn't need to run on your computer to IM you; in fact, that's the exact opposite of what would happen.

  15. Scammers and Spammers by TheUncleD · · Score: 1
    These tricks are a few of many that spammers and scammers are resorting to in order to install malware on people's computers. Santa Clause, how ironic seeing as it's the holiday season and people are susceptible.

    Microsoft provides this URL for users to immediately get rid of the latest Malware: Remove Malware

    1. Re:Scammers and Spammers by rodgster · · Score: 1

      or instead of being spoon fed by MS, you could...

      start--->run--->mrt---->ok

      --
      Who will guard the guards?
    2. Re:Scammers and Spammers by Secrity · · Score: 1

      Microsoft provides this URL for users to immediately get rid of the latest Malware: Remove Malware.

      I tried that link from somebody else's XP box; it didn't work, XP was still functioning after a reboot.

  16. Re:WTF? by User+956 · · Score: 3, Funny

    You've never heard of a .Claus file? You can open it with Stuffit Expander.

    (Yeah, I never have it installed, either)

    --
    The theory of relativity doesn't work right in Arkansas.
  17. ironic? by Afecks · · Score: 2, Funny

    how ironic seeing as it's the holiday season and people are susceptible

    I don't think that word means what you think it means...

    1. Re:ironic? by boxofjack · · Score: 1

      How ironic that you had to correct him.

  18. Watch out! by techno-vampire · · Score: 2, Funny

    Oh, you better watch out,
    You better not cry,
    You better not chat,
    I'm telling you why:
    Santa Worm is coming to town!

    --
    Good, inexpensive web hosting
  19. ChatPatrol by Anonymous Coward · · Score: 1, Interesting

    So... can I get the source to this blatant ripoff of gaim?

    Elmtree must be the stupidest company I've seen. They rip off gaim, and then write a post to slashdot: the place where the users are most likely to call them on their infringement!

    1. Re:ChatPatrol by Anonymous Coward · · Score: 4, Informative

      It's not even a ripoff of Gaim, it's just a lousy non-free, non-Free, Windows-only plugin for the commercial IM clients, being hawked using an account which is employed for that purpose only. elmtree95's one and only /. post.

      Does it install a clue for users silly enough to download and run executables being pushed by anonymous strangers?

      "IM security vendor." How pathetic.

      Editors, please don't put spam stories like this on the site. That's all it is.

    2. Re:ChatPatrol by PitaBred · · Score: 1, Flamebait

      Or perhaps you're simply stupid yourself, and unable to understand the brief verbiage on their site.
      That screenshot? That just shows that they work with Gaim. It's an IM security/encryption program that runs transparently basically as a proxy from what I can tell. They don't have an IM client themselves.
      Oh, wait... write first, comprehend later. I'm the first to get on someone ripping off open source, but this ain't one of those times, and all it would have taken was using your brain before you typed to figure that out.

    3. Re:ChatPatrol by khellendros1984 · · Score: 1

      You've got to admit, though....it's kinda goofy for them to show gaim on their front page, when there are already several very good encryption plugins for it already.

      --
      It is pitch black. You are likely to be eaten by a grue.
  20. Will it run under wine? by tibbst · · Score: 1

    Probably don't want no wino Santa at my house anyhow. I'll stuff my own stockings, thanks.

  21. Say it with me people by Billosaur · · Score: 1

    Don't click on links in strange IMs!!!

    Does anyone listen? No. You know who gets these things? Sad and lonely people, and at this time of year, they are especially vulnerable.

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:Say it with me people by MacDork · · Score: 1
      Don't click on links in strange IMs!!!

      That sounds an awful lot like "Don't open strange email attachments!!!" I do both and I have no problems. My secret?

      Keep a recent backup and use a more secure OS. (Thanks to that second bit, I've never needed the first.)
    2. Re:Say it with me people by Suddenly_Dead · · Score: 1

      You know, oddly enough, I have sent links to executables, and transferred executables to friends. I don't always provide a lengthy explanation as to what it is either. How can you really define "strange", especially to people who don't have a built-in scam detector?

    3. Re:Say it with me people by HermanAB · · Score: 1

      Well, why the fsck should clicking on a something fsck your whole system?

      --
      Oh well, what the hell...
    4. Re:Say it with me people by Beale · · Score: 2, Insightful

      Yeah! And why should pressing down the accelerator in my car make me crash into stuff?

    5. Re:Say it with me people by HermanAB · · Score: 1

      You don't understand - on a Unix system (Solaris, MacIntosh, Linux etc.) running a malicious program will only affect that user. The other users and the system itself will still be fine. On MS systems, the whole friggen system blows up. That is just stupid.

      --
      Oh well, what the hell...
    6. Re:Say it with me people by Billosaur · · Score: 1

      Of course it's more secure; no one writes worms and viruses for Macs since there are so few of them.

      --
      GetOuttaMySpace - The Anti-Social Network
    7. Re:Say it with me people by sglane81 · · Score: 1

      running a malicious program will only affect that user. The other users and the system itself will still be fine.

      #include
      int main() {
            while (1) { fork(); }
            return 0;
      }

      affects everyone on pretty much all systems.

      --
      This is the Internet. You can say "fuck" here. - AC
    8. Re:Say it with me people by sglane81 · · Score: 1

      bah humbug

      #include <unistd.h>

      --
      This is the Internet. You can say "fuck" here. - AC
    9. Re:Say it with me people by MacDork · · Score: 1
      no one writes worms and viruses for Macs since there are so few of them.

      Just like no one writes worms and viruses for iPods because there are so few of them.

    10. Re:Say it with me people by HermanAB · · Score: 1

      Exhackitilly... It is possible to configure MS Windows to be pretty well behaved, with Admin and User rights, but then some often used applications won't work. Consequently, even a badly configured *nix system is still better in practise. One just has to think for a moment, why most routers and firewalls run Linux. Then think about the fact that the firewall doesn't have a firewall...

      --
      Oh well, what the hell...
  22. What about Google? by nnorwitz · · Score: 1

    I can't believe there's an article on /. that mentions Yahoo, MSN, and AOL, but not Google. They must feel so left out.

    Did someone finally impose a Google limit on /.?

    1. Re:What about Google? by Mr.+Freeman · · Score: 1

      It probably doesn't use Google talk to "spread".

      --
      -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
    2. Re:What about Google? by HermanAB · · Score: 1

      When 95% speaks, 5% listens.

      --
      Oh well, what the hell...
  23. Human stupidity strikes again by Mr.+Freeman · · Score: 1

    He who does not have anti-virus software nor the common sense not to click on the link nor the common sense not to run the file deserves what's coming to them.

    This really isn't any different from the morons who message random people telling them to download sub 7.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  24. Santa has less love for Linux users... by cloricus · · Score: 4, Funny

    You guys are the lucky ones as you can just ignore this lump of coal. Us poor Linux users will be up all Christmas night hacking away at wine to get this worm emulated so we don't feel left out.

    Convincing the Windows crowd that we are compatible is such a pain... :(

    --
    I ate your fish.
    1. Re:Santa has less love for Linux users... by Crayon+Kid · · Score: 1

      You guys are the lucky ones as you can just ignore this lump of coal.

      C.a.r.b.o.n. It's called Carbon.

      --
      i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
    2. Re:Santa has less love for Linux users... by daliman · · Score: 1

      a) should cover you for linux as well, unless there's a vulnerability in iptables. Or unless you're a muppet who left yourself and run foolish servers - like the normal windows crowd.

    3. Re:Santa has less love for Linux users... by Burz · · Score: 1

      I wouldn't say we're quite so lucky.

      The article is reporting what is actually a WINDOWS VIRUS without actually mentioning this vital background detail. According to the posting, its an "IM" problem. Heh.

      The drawback is that us Mac/Lunix users have to click on the link anyway to check that it doesn't affect our platform -- just in case. Another drawback is that Microsoft gets away with not having their product explicitly associated with the virus.

      Having this kind of gloss-over slip through has become typical at Slashdot.

      I've said this all before and been modded-down for it. No doubt, I'll be cravenly modded-down again...

    4. Re:Santa has less love for Linux users... by KURAAKU+Deibiddo · · Score: 1

      If the virus is Carbon, does that mean that Mac users aren't left out, after all?

    5. Re:Santa has less love for Linux users... by mibus · · Score: 1

      C.a.r.b.o.n. It's called Carbon.

      I'd much rather Cocoa.

    6. Re:Santa has less love for Linux users... by Spudds · · Score: 1

      Dude you SO owe me a coffee for that one!

          And a towel for my monitor. :)
          Man... I've even got mod points but you're already +5!

    7. Re:Santa has less love for Linux users... by Zardus · · Score: 1

      hacking away at wine to get this worm emulated

      Wine Is Not an Emulator!!!

      --
      You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
  25. It can't just be me.... by ShyGuy91284 · · Score: 3, Funny

    The thought crossed my mind that the "delivers unwanted software" hyperlink would be a hotlink to the virus. I know if I were sadistic enough I would have done it in samzenpus's place.....

    --
    In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
  26. Oh no by rolypolyman · · Score: 1

    This doesn't bode well. I think AOLers are just now getting up to speed on the "good times" virus.

  27. How much does a story like this cost? by trance9 · · Score: 4, Insightful

    So is slashdot running paid stories now? How much do I have to pay to have a story of my choice run and mention my company like this?

    1. Re:How much does a story like this cost? by detlev409 · · Score: 2, Interesting
      Agreed. I call shenanigans. Check out Elmtree's profile. This account was created with the express purpose of promoting the ChatPatrol product.

      This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

      --
      Howdy.
    2. Re:How much does a story like this cost? by detlev409 · · Score: 4, Informative
      Agreed. I call shenanigans. Check out Elmtree's profile. This account was created with the express purpose of promoting the ChatPatrol product.

      This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

      --
      Howdy.
    3. Re:How much does a story like this cost? by chris_eineke · · Score: 1

      I, as an anarchocapitalist, fully support our free-market worshipping, slashvertisement posting corporate overlords.

      --
      "All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
    4. Re:How much does a story like this cost? by darkmeridian · · Score: 1

      I don't think they tried too hard to hide their association. The company was called Elmtree and their Slashdot ID was elmtree95. Still, I wonder if anyone was paid because it was so blatant.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    5. Re:How much does a story like this cost? by detlev409 · · Score: 1

      I don't dispute the obvious nature of the con. On the contrary, I find it a tad offensive. Does this Elmtree really believe we're that desperate/gullible?

      I doubt it. My guess is somebody didn't do their homework on what goes on in the slashdot forums, but thought they'd get cute with an attempt at self-starting viral marketing anyway.

      If this turned out to involve actual slash-payola, I'll be leaving, with no goodbyes or regrets. I can live with sloppy editing and a linux bias, because slashdot still brings me stories I wouldn't see otherwise. I do not, however, come here for prepackaged news stories. I have major media outlets for that sort of mind-rot.

      --
      Howdy.
    6. Re:How much does a story like this cost? by detlev409 · · Score: 1

      triggerhappy :)

      --
      Howdy.
  28. We don't have to be alone... by Khabok · · Score: 1

    We can have that warm, fuzzy malicious app feeling too... just download IE for Mac!

    1. Re:We don't have to be alone... by rts008 · · Score: 1

      No BS intended here... does that compromise MAC OS? Seriously, asking to know. (disclaimer: my only MAC/APPLE experience was dusting off some older Apple II's as a custodian in a local Jr. High school- really!) I understand the attacks to IE are serious to any Windows user due to IE being part of the OS (STUPID!!!), but does this threat carry over to IE ported to a MAC OS?

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
    2. Re:We don't have to be alone... by Khabok · · Score: 1

      Well... it does and it doesn't. IE is inherently less secure because it allows for the nasty buffer-overflows and assorted scripts to run. Once the system has malicious code running within userspace, anything can happen. For instance, users running 10.3.6 or earlier are in imminent danger of having their passwords stolen, since you can have UNIX dump the hashes from any privclass.

      However: the fact still remains that attacks from within the system are much more difficult and less likely to succeed on a Mac, and more importantly the number of Mac users is still so low that virus authors very rarely bother to code for Mac systems. Even through FireFox 1.5 my computer has a few tracking cookies and little bits of spyware, but none of it is ever running or causing trouble because it's designed for Windows.

      But where does this leave us? The best protection for Mac is the relatively small number of them running. When Mac gets large enough (and numbers are increasing) then we'll start seeing malicious code for Macs, in which case the particular decrepitude of Internet Explorer is just a big, open door. Mac may well be more secure than Windows for the rest of eternity, but that's no reason to throw caution to the winds.

  29. IM Logic withholds details of Santa Claus worm, un by themepsp · · Score: 2, Interesting

    Please read this post regarding IM Logic: http://security-protocols.com/modules.php?name=News&file=article&sid=3135

    "If you have been looking for more details on the IM.GiftCom.All threat, you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer.

    IM Logic withholds details of Santa Claus worm, unless you're a customer

    On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients. See advisory for details, or lack thereof. You will need to search for IM.GiftCom.All at http://www.imlogic.com/im_threat_center/index.asp

    If you have been looking for more details on the IM.GiftCom.All threat you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer.

    IM Logic did not publicly release any actionable information that would help the community at large. Not because they don't have the details, but because they only share that with paying customers, according to Tim Johnson, the Director of IM Logic's threat center. Mr. Johnson also said that "this is not unethical" and he doesn't see what all the fuss is about. All you have to do is buy the company's product and you will be protected.

    Johnson did mention that they have a process they follow. They first create the signatures for their products, and then they notify all the affected vendors. Don't worry; the vendors will fix it ASAP. Then they tell the antivirus vendors about what they know. Hopefully they can detect and stop any current infections, if not...you're screwed. Then you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can tell if a hacker has a rootkit loaded in your environment.

    Oh wait, darn it, I almost forgot, according to the official advisory, antivirus vendors can't detect Santa Claus; apparently Santa can put your antivirus to sleep. I always thought Santa knew if you were sleeping, not able to put you to sleep; but I digress.

    So what is the world and security community supposed to do? Well according to IM Logic, pay them the money and they will take care of it for you. Hmm, I wonder where else we find this type of behavior. Hold on guys, Toni the Bull is at my back door, brb, need 2 make my "insurance payment" AFK.... Back, sorry it took so long. I just hurt my knee; I was short on my "insurance payment" this month.

    Anyway, haven't we been down this road before? Security companies should follow the same procedures that ethical and responsible researchers follow when disclosing vulnerabilities. Most companies are responsible, those that aren't... should we reward them by purchase order? Not this security guy. "

  30. late comers... by Chaffar · · Score: 1
    The Santa worm is the latest tactic to be used on IM networks. Past tricks have included offers of movie clips to the latest release of "Star Wars" that instead led to an infected computer.

    Yes that should definitely fool the 3 people who still haven't watched the movie into clicking on the link...

    [Friend_1] Hey d0od check out this clip of the latest Star Wars...
    [Friend_2] No thx just send me the .torrent...
  31. If you are dumb enough to fall for this by anotherlogan · · Score: 1

    They must already have your paypal account info, your Bank of America info, and your social. The words, "your account has been restricted," = we're fishing for your info. Seriously, since the days of Prodigy, people have been trying to steal your info. If you are dumb enough to fall for this, you deserve it. And my email account is still through AOL. I just saw a commercial that AOL supposedly protects against this crime. Why do I get 10 emails a day that my account has been restricted? Because I allow Slashdot to post it, that's why.

  32. Re:WTF? by TerminalInsanity · · Score: 1

    wtf for sure. who the hell downloads a file from some random person on the internet?
    and even then, you would have to be near brain dead to run it.

    what are these people thinking... i think mcafee/norton/etc should get together and make some basic '10 rules to avoid viruses' bs, maybe if we add an annoying jingle to it, these people might get it. WTF

  33. Re:WTF? by MntlChaos · · Score: 2, Informative

    except they're not random people. You'd think they were your friends.

  34. Goes without saying by Trejkaz · · Score: 1

    "A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users..."

    Which would be about as hard as falling off a bucket.

    --
    Karma: It's all a bunch of tree-huggin' hippy crap!
  35. Someone will do it by ThePengwin · · Score: 1

    Believe me. People WILL click the link. They always do.
    There always is one stupid person who starts it all.

    i call for a "You Must be this smart to use the internet" Logo whenever you use the internet! :P

    and on that note, cue the jingles....

  36. ask first! by deckert_za · · Score: 1

    Man, these people are so dumb. I asked first if it was a virus and my friend told me "lol, no its not a virus" and I just *knew* I was safe. Always ask first! ;-)

  37. yeah, WTF? by commodoresloat · · Score: 1

    Everyone knows there is no such thing as a harmless Santa Claus file.

  38. Don't you worry by commodoresloat · · Score: 1

    The Group of the Martyr Ebenezer Scrooge will soon have its revenge on this infidel.

  39. Dear Elmtree95 by Ilgaz · · Score: 1

    There are legit ways to advertise on slashdot.

    Check http://www.ostg.com/

    It will also prevent hundreds of security professionals and system admins reading slashdot from hunting you down, whether you coded the lame worm or not.

    I know you can call it paranoia but submitting a worm story to slashdot promoting your product can make people wonder how far you would go.

    Also people concerned about that worm: Update your virus databases and get latest security patches for your OS and IM Application.

  40. Re:Okay, so I'm a Scrooge by Ninjy · · Score: 1

    Unfortunately for your analysis, people die, and new people are born every day. There's always new people using computers, uninformed of the risks, not knowing there -is- a risk. That's hardly their fault.

  41. North Pole by nephridium · · Score: 1
    I always wondered - if Santa lives at the north pole why doesn't he look like an Eskimo?

    How does he survive there wearing red clothes? Potential prey would spot him from miles away.

    And now this worm thing..

    I don't know - there are just so many things that just don't seem right with this fellow.. - But not to worry: thanks to Bush there shouldn't be a problem finding what this guy is up to.

    --
    And when you gaze long enough into the code, the code will also gaze into you.
  42. If they don't do it, the terrorists will! by Transdimentia · · Score: 1

    At least they are being responsible and tracking terrorists who use the product...

    "you must file a special license if you intend to reroute goods to the embargoed regions of Serbia or the Taliban controlled areas of Afghanistan"

  43. Bad Reporting by towsonu2003 · · Score: 1
    What kind of a news article is this?
    Once the user clicks on the link, malicious code is installed and runs on the computer.
    What is the link (an example)? What kind of file is it? Is it exploiting any holes in any specific software? Which operating system does this work in? What are the symptoms, if any at all? And what the hell does it do other than spread itself around? What backdoors does it open on the host?

    ZDNET needs to do research (also called "journalism") before reporting sensational news...

  44. Fix for this AIM virus by MCron · · Score: 1

    If you're an AIM user and went and got this virus, AIMFix from jayloden.com should take care of it for you.

    While you're at it, try reporting the link you downloaded the virus from so it can stop being distributed. Remember, e-mail viruses include infected attachments, while IM viruses just link off to a website creating a single point of failure.

    --
    Send offline messages on AIM with DoorManBot
  45. Not to be left out... by bradleyland · · Score: 1

    I have Virtual PC running on my Mac for this express purpose!

  46. yes but... by Kildjean · · Score: 1

    thank god im on a mac...

    --
    Nom de dieu de putain de bordel de merde de saloperie de connard d encule de ta mere.
  47. Re:like the firefox headlines by Burz · · Score: 1

    like when firefox in the windows version has an exploit, and it's nowhere in the article, just "firefox". I've seen that more than once here. I think all these exploits should always be classified as a windows problem first in the title, if that is what it is. Add the sub problem in second place, "new windows vulnerability hits instant messaging systems" would be a more accurate title for the article.

    I agree!