Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Worm Starts Munching MSN Users

Posted by ryuzaki0 on from the day-zero-install-windows-learn-spanish dept.

Kosmik writes "It appears that MSN has been struck by a vindictive new worm, according to security company Panda Software. The worm, acting in the vein of movies like the Ring and FearDotCom, delivers a fateful terror message and then proceeds to disable most of your protection software like anti-virus,firewalls and even your Windows control apps (TaskManager, Regedit). It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'"

10 of 168 comments (clear)

  1. Miranda by golemwashere · · Score: 2, Informative

    Or on windows, you could try Miranda
    http://www.miranda-im.org/

    1. Re:Miranda by CastrTroy · · Score: 3, Informative

      Or you could just use GAIM for windows.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. Re:GAIM by CSZeus · · Score: 5, Informative

    Seeing as Gaim is in the process of working on what they call their vv module (the v's standing for voice and video), I don't think it was as much of a security-driven choice as it was a time-driven choice. That or they've had a change of heart, whichever you deem more likely ;)

  3. Re:GAIM by foamrotreturns · · Score: 2, Informative

    You make good points, but you missed a few things.
    First of all, GAIM should try to support the features that the native client supports. It's designed to be a total replacement solution, so intentionally leaving features out is a no-no. However, GAIM is a plugin-based program, so if the dev team wants to keep the focus of the development on the core functionality and leave it up to the community to develop a file transfer plugin, that would be OK too.
    Next, the idea of a native client supporting more than one network goes completely against the business model that they developed the program to follow:
    1) Make free IM product
    2) Make it easy to use
    3) Put ad support in
    4) Charge for ad space
    5) Profit!
    If they allowed their client to connect to other networks, they destroy their switching costs. Can you imagine what would happen if a complimentary copy of Jasc Paint Shop Pro came with your Adobe Photoshop? Sure, most people would stick with Photoshop, but some people might switch, which would steal Adobe's business. To conclude, interoperability is not in the best interests of the companies who operate the networks, unless they merge.
    To solve your problem, you and your friends should set up an SFTP server and use that for file transfers. If your friends get all whiny about you not being able to receive files, just tell them that you'll be the one shaking your head when they get a virus.

  4. Re:GAIM by CSZeus · · Score: 5, Informative

    "Gaim 2.0.0 beta 2 does not include voice or video ("vv") support for any protocols. We've done some work toward vv compatibility for Google Talk, but it isn't ready for the general public yet. It is unlikely this will change for the final release of Gaim 2.0.0, but vv will be a primary focus for the next major release of Gaim after that." (emphasis mine) As per their news page circa January, 2006 (link)

  5. GAIM is not inherently more secure... by RingDev · · Score: 3, Informative

    In this case the user is clicking on a hyper link in the IM Conversation which uses a web browser to download an external application. If someone on your buddy list sent you this message, it would come through with no problems. You could click the link and download the file with no problems. It could even execute it's payload while you are wrapped in your GAIM blanket of security. The only thing that it MIGHT not be able to do is to propagate itself to all of the members of your friends list.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  6. Translation by Anonymous Coward · · Score: 1, Informative

    En el 1er día te espantas, en el 2 te desesperas, en el 3 buscas ayuda y en el 4 mueres.

    On the 1st day you are frightened, on the 2nd you are hopeless, on the 3rd you look for aid and on the 4th you die.

    What a nice person, eh?

  7. Re:GAIM by FireFury03 · · Score: 2, Informative

    From what i read it will never support the direct connect. I don't get it and I'm no C programmer but I think its annoying.

    Direct client-to-client connections is fraught with firewall/NAT traversal problems. That said, Jingle and SIP support both require client-to-client RTP connections (NAT discovery is done through STUN), so it's possible direct file transfer will be implemented then.

    --
    http://blog.nexusuk.org
  8. Re:Argh those damn kids and their newfangled tech by FireFury03 · · Score: 2, Informative

    Do you also rail against email attachments?

    Having supported a lot of moron users I can say that yes, email attachments are often a very Bad Thing. But mainly in the "when you have a hammer everything looks like a nail" sense. In some cases attachments are a good way of sending someone a file, but the clueless get too used to doing it that way and don't think of the consequences.

    An example I saw a few years ago (which is a whole catalogue of cockups):

    An estate agent did email-shots to prospective house buyers on a weekly basis. This mail shot consisted of an attached Word document containing descriptions and photos of properties. The photos were taken with something like a 2MP camera and they let Word "scale" them (read: the photos were imported in full resolution and then resized so they were still stored in the document at 2MP!). They would then mail-shot this (very large) document to around 500 email addresses. To make things worse, each week they took the last week's document and modified it, and Word in it's infinite wisdom keeps metadata about changes so the document got bigger each week.

    By the time I got called in to fix their mail server (which had fallen over under the strain) I discovered several tens of gigabytes of mails queued for sending, many of them weeks old because it was now taking over a week to send the weekly mailings over their ADSL. And of course, almost all the mails were eventually getting bounced by the recipients' mail servers anyway because they were so big.

    What they should've done is paid someone to set up a web site for them with a proper SQL backend to present the data they were mailing out. Clearly the users here were terminally clueless, but the point is that the software they were using made it far too easy to make each and every one of these mistakes.

    So in summary, yes in some cases email attachments are useful, but I worry that they are frequently over-used because people get too comfortable using that feature for everything. Oh, and I don't believe most people have much legitimate need for sending executables over email so they should probably be automagically rejected.

    --
    http://blog.nexusuk.org
  9. Re:GAIM by Solosoft · · Score: 2, Informative

    I wrote up a little thing on setting up IPv6 using Hurricane Electrics Tunnel broker. It uses RADVD and a little script I assmbled up, works like a charm.

    Here is the page on using a WRT and DD-WRT for IPv6

    Of course if I wasn't so lazy I would have a completed guide on setting that up without Samba ... you can of course simply take the script and put it in the nvram (minus the comments of course) and it works just the same. Ive been using it on a tunnel now for a few months and have had 0 problems. All operating systems on my network just automaticly work with the 6bone. In Windows XP just type "ipv6 install" and it installs the v6 stuff (ping6, tracert6 etc etc) and in linux "modprobe ipv6" should do the trick. If you have a wrt and dd-wrt or one of the linux versions you should look into it. Once it's setup on the router it's easy as one command to setup on your clients. He.net lets you set the reverse DNS too which is kinda cool for IRC (EFnet and freenode support IPv6 and tons more) even my own IRC network and website now support IPv6. Is it usefull ? Hell no ... but knowing that im one step ahead of most of the world is kinda nice.

    btw if your intrested IRC to solosoft.org port 6667 and it should connect using IPv6 (#Solosoft if you want to chat I guess im guk :)) or visit http://solosoft.org to see IPv6ness in use (the website WILL not work if you don't have IPv6 working). It's more or less somthing fun to do and somthing a little neat to setup. The thing that gets me the most is that it's a simple residental router doing what a very expensive router does.

    --
    Solosoft.org - Your Online Resource to Nothing