IM Worm Attack Cloaked in Virtual Card Hoax
An anonymous reader writes "There's a new Instant Messaging Worm on the loose that is wrapped up in more than a few interesting twists.
The people behind the infection lure users in with a message on a Russian hosted website claiming to have 'a virtual card for you' — a reference to the famous Email hoax listed on Snopes and numerous other web hoax sites. At the point of infection, the worm opens up a picture of a heart (from a site called Quatrocantos.com that tackles web scams on a daily basis) — this picture itself related to a different 'virtual card' hoax from 2002. Bearing in mind the people behind this attack are deliberately serving up an image from a 'good guy' website related to virtual card hoaxes, the question is — are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?"
quick, Quatrocantos, replace the image with goatse!
are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?
All of the above?
No sig for the moment.
There is nothing preventing email trojans from using any subject, including "a virtual card for you". I get email all the time saying that a "friend" has sent a "card" to me. Fortunately, I run Thunderbird on Ubuntu.
The hoax was that the "virus" would wipe your hard drive and that this was already causing massive problems and there was a widespread media alert about it (what? you haven't heard yet?).
And that you should forward this warning to everyone in your addressbook.
The reality, now, is that there is an email trojan/virus that has the subject "a virtual card for you" that does not appear to be any more dangerous or noteworthy than any of the other 1,000 viruses/variants that have been released this year.
There's no need to forward this message to all of your friends and family and co-workers.
There is no widespread media frenzy about this (unless you count /.).
If you've taken the basic precautions, you won't be in any danger. If you haven't, you've probably already been infected by a dozen other ones so one more won't matter.
I believe the title should be 'MS IM Worm Attack Cloaked in Virtual Card Hoax'
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
It's rather stupid for them to link to an image out of their control - especially considering it is hosted by their "enemy". Now Quatrocantos can change the image to display a warning that the user's computer was infected. I think that is more of an insult to or vendetta against Quatrocantos than it is some sort of cloaking or other intelligent design.
Dan East
Better known as 318230.
After all, Netcraft has confirmed it.
Friends don't let friends line-dance.
All kinds of viruses, trojans, and worms that we hear about on an almost daily basis now are nothing new and if you notice the articles they normally do not claim they are. Trojans going around on MSN, AIM, Yahoo!, Jabber, IRC, E-mail, Microsoft Messenger, Randor random web searching, or anywhere else have been around for many many years now. Is this even newsworthy? In my opinion it is not.
I don't know what's up with this "good guy" phrase. Snopes has been known to spread some vicious lies about John Kerry and also Michael Moore in the past. Especially when it was 2004.
The people at Snopes are entitled to their opinions, of course. It's a free country. But I wouldn't call them "good guys".
...or for anyone else who's checked the contents of their spam folder lately. I've been getting announcements that "you've been sent an e-card" with a link to an .exe on a bare IP address or a foreign site with a nonsensical DNS name for... years? Many months, definitely.
-- Old Man Kensey
Hostile code was sent to prospective victims, in the hopes that they would either be dumb enough to run it, or dumb enough to run client software that "helpfully" runs it for them. Of course, the hostile code should be run without any sandboxing, with all the same capabilities as the victim.
Now take this template, and fill it in with irrelevant and uninteresting details. Maybe the hostile code poses as something the victim has seen before. Maybe stress how amazing it is that people still fall for it. Maybe stress how amazing it is that people still run client software that supports easy execution of hostile code. Maybe leave all this out, so that the victims' ignorance isn't mentioned and therefore the hostile code sounds all the more threatening -- i.e. IT COULD HAPPEN TO YOU, SO YOU BETTER BE SCARED (small print: if you're a fucking idiot who hasn't learned anything in the last decade or so). Now your article is ready to be submitted to Slashdot as a major story.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Given that there are direct references to two different virtual card hoaxes in the "attack" itself maybe everyone's looking at it from the wrong slant...
My gut reaction is that this is some (extreme) degree of internet art. This article about hoaxes being essentially viruses in and of themselves says a lot about what may have motivated this particular form of expression.
Maybe whoever made this virus was making a statement about what is "known" (What is well known not to be a virus). They may have also been making a statement about anti-hoax information and/or the "truth".
I didn't read the initial article, mind you -- but the blurb cut seemed to have everything essential in it already.
This news is a bit stale - the attack started several weeks ago, and most AV vendors detect the binary in question.
If they can infect several thousands of systems within the first hour or two, maybe that's good enough to suit their purposes. Some of the email virus or network worm propagation techniques were "stupid" in the sense that they could be easily blocked -- once people knew how it worked. The TFTP callback used by several different worms springs to mind, very easily blocked with a filter rule in a router. In the first few hours, however, hundreds of thousands of systems were infected. Stupid is as stupid does, I guess. In this case stupid owned a bunch of systems before people could respond.
If you mod me down, I shall become more powerful than you could possibly imagine.
when you send an eCard to someone, you have to submit your email address and the email address of the recipient... and guess what - the eCard providers sell these email addresses to spammers! - surprise surprise! did you think they had done the programming work and offer the service and their traffic for free?
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
I was interested as to whether there was anything new to learn about this attack that would make me safer in the future. I use all the operating systems because I can write programs for all of them. Each has its benefits and its liabilities. Reading through these responses was a complete waste of time and used up today's quota of time for reading /.
Much of the work done by several programs is invisible to the user. The people behind it attempt to attack dumb users by hiding themselves behind this 'good guy' image. The user has absolutely no idea of what they have received by accessing all the files, programs and webpages. Then the virus attacks everything the infected user touches. Moral of the story: "Update the antivirus regularly to detect any 'malicious thingy' and ignore spam emails."
come on... of course viruses are always on the loose... that is why there is a thingy that is called 'antivirus'. it could check if there is any error in the system. so.... update your antiviruses...