Slashdot Mirror

← Back to Stories (view on slashdot.org)

Santa IM Worm Hits AOL, MSN and Yahoo

Posted by samzenpus on from the bad-santa dept.

elmtree95 writes "CNET News reports A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer. The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file. IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue."

17 of 149 comments (clear)

  1. I bet it isn't as good as: by Anonymous Coward · · Score: 4, Funny

    "lol, it's not a virus."

  2. gotta love free advertising by Anonymous Coward · · Score: 5, Insightful

    elmtree95 writes.... IM security vendor ELMTree Software has released a patch to their ChatPatrol

    'nuff said

  3. Dear Santa.w32... by Anonymous Coward · · Score: 5, Funny

    Please, please don't bring me any gifts. The bicycle you fired at me last year from your bicycle gun really tore up my insides.

    -- AIM user

  4. How does it work? by the_humeister · · Score: 3, Interesting

    Since the user has to click on a link, I assume the browser type matters?

    1. Re:How does it work? by setirw · · Score: 3, Informative

      Not necessarily. It could be linked to an EXE or PIF, which a naïve user would open. If the target ignores all browsers' warnings about harmful EXEs, in combination with Windows's hiding of file extensions... (somefile).jpg .exe is something I've seen many times. By the way: Does IE prompt that PIF/BAT files are potentially dangerous when downloading? How about VB scripts?

      --
      This message printed on 100% post-consumer recycled electrons.
    2. Re:How does it work? by Anonymous Coward · · Score: 3, Informative

      It's a '.com' (like command.com) file being distributed. User clicks accept to start the file transfer. On completion, the IM client turns the filename into a clickable link which, if clicked, starts the malicious component.

  5. Santa's Motives by setirw · · Score: 5, Funny

    better !pout !cry
    better watchout
    lpr why
    santa claus town
    cat /etc/passwd >list
    ncheck list
    ncheck list
    cat list | grep naughty >nogiftlist
    cat list | grep nice >giftlist
    santa claus town
    who | grep sleeping
    who | grep awake
    who | egrep 'bad|good'
    for (goodness sake) {
    be good
    }

    Dang, I guess he really meant the last three lines!!

    --
    This message printed on 100% post-consumer recycled electrons.
    1. Re:Santa's Motives by ErichTheWebGuy · · Score: 5, Funny
      Personally, I woulda said:
      mv /etc/northpole/santaclaus ~/town
      But that's just me :P
      --
      bash: rtfm: command not found
  6. It's a /. story... by Trailer+Trash · · Score: 3, Insightful

    And an advertisement, all in one convenient package!

    --
    Do you have ESP?
  7. What's next? by queenb**ch · · Score: 4, Funny

    Maybe we can push the Sony root kit out via IM to all of Sony's employees. Anyone know if they have a corporate IM server?

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
  8. Technically You're Wrong by Afecks · · Score: 5, Insightful

    It delivers it to anyone... it only works on Windows.

    Sorry but if you want to nitpick, be prepared to receive the same.

  9. Re:WTF? by User+956 · · Score: 3, Funny

    You've never heard of a .Claus file? You can open it with Stuffit Expander.

    (Yeah, I never have it installed, either)

    --
    The theory of relativity doesn't work right in Arkansas.
  10. Santa has less love for Linux users... by cloricus · · Score: 4, Funny

    You guys are the lucky ones as you can just ignore this lump of coal. Us poor Linux users will be up all Christmas night hacking away at wine to get this worm emulated so we don't feel left out.

    Convincing the Windows crowd that we are compatible is such a pain... :(

    --
    I ate your fish.
  11. It can't just be me.... by ShyGuy91284 · · Score: 3, Funny

    The thought crossed my mind that the "delivers unwanted software" hyperlink would be a hotlink to the virus. I know if I were sadistic enough I would have done it in samzenpus's place.....

    --
    In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
  12. How much does a story like this cost? by trance9 · · Score: 4, Insightful

    So is slashdot running paid stories now? How much to I have to pay to have a story of my choice run and mention my company like this?

    1. Re:How much does a story like this cost? by detlev409 · · Score: 4, Informative
      Agreed. I call shenanigans. Check out Elmtree's profile. This account was created with the express purpose of promoting the ChatPatrol product.

      This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

      --
      Howdy.
  13. Re:ChatPatrol by Anonymous Coward · · Score: 4, Informative

    It's not even a ripoff of Gaim, it's just a lousy non-free, non-Free, Windows-only plugin for the commercial IM clients, being hawked using an account which is employed for that purpose only. elmtree95's one and only /. post.

    Does it install a clue for users silly enough to download and run executables being pushed by anonymous strangers?

    "IM security vendor." How pathetic.

    Editors, please don't put spam stories like this on the site. That's all it is.