Slashdot Mirror

← Back to Stories (view on slashdot.org)

Instant Messaging Vulnerable To New Smiley Attacks

Posted by timothy on from the clever-really dept.

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

33 of 170 comments (clear)

  1. Virus Smiles!?! by Anonymous Coward · · Score: 4, Funny

    Uh-oh, I knew all those 14 year old girls were really 1337 ha>0rz...

    1. Re:Virus Smiles!?! by Leafheart · · Score: 5, Funny

      I thought that was the reason for all the "Download best smiles EVER for MSN" links I saw around.

      --
      --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    2. Re:Virus Smiles!?! by ShadowBlasko · · Score: 2, Funny

      There are no girls on instant messenger... You know that!

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
    3. Re:Virus Smiles!?! by sunami88 · · Score: 5, Funny

      Dad: Who hacked us!?

      Granny: idk my bff jill?

      I'll go kill myself now.

      --
      Sex. Drugs, and Unix.
    4. Re:Virus Smiles!?! by Anonymous Coward · · Score: 1, Funny

      :(){ :|:& };:

      See? It is true!!!

      PS -- don't paste that into a shell terminal unless you use ulimit to limit the number of processes per user, because it will fork bomb.

  2. Take that! :-) by betterunixthanunix · · Score: 5, Funny

    And that! :-) (-:

    --
    Palm trees and 8
  3. Mom was right. by rackserverdeals · · Score: 4, Funny

    Smiles are contagious.

    --
    Dual Opteron < $600
    1. Re:Mom was right. by koterica · · Score: 2, Funny

      So is herpes. A coincidence? I think not.

  4. Re:Very.. by Brett+Buck · · Score: 4, Funny

    Yeah, opening for Kathy Griffin.

          April Fools Day is always a great opportunity to see that computer nerd humor is every bit as good as computer nerd social skills and personal hygiene.

            Brett

  5. Virus Variant by JerryLove · · Score: 5, Funny

    As I understand it, there is already a variant out undetectable to anti-smiley software as it embeds itself in a frowny-face.

    I wonder if it's transmittable on a discussion board as well? :(

  6. Re:Take that! :-) by Jason+Levine · · Score: 5, Funny

    Ack! Now I'm :-) infected. How could :-) you go posting :-) such a virulent :-) virus where :-) everyone could see i:-)t? I thin:-)k th:-)e inf:-)ect:-)ion's g:-)et:-)tin:-)g wo:-)rs:-)e n:-)o:-)w. I:-)'m of:-)f t:-)o pa:-)t:-)ch:-) m:-)y s:-)ys:-)te:-)m. :-):-):-):-):-)

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  7. More fun with smilies... by 6Yankee · · Score: 4, Funny

    I've always thought that it would be far more fun to get into someone's system (actually, lots of people's systems) and replace the smiley images. You send :) and, instead of getting a smiley face, they see an image that contains a sexually explicit proposition in the default MSN font. Imagine the chaos.

    Fortunately for the world, I can't write viruses. :D

    1. Re:More fun with smilies... by EkriirkE · · Score: 3, Funny

      :O -> goatse.jpg
      :O~ -> tubgirl.jpg
      :x -> lemonparty.jpg
      :S -> meatspin.gif

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
  8. This is the one to watch out for by thetoadwarrior · · Score: 3, Funny

    8===D

    It always leads to trouble.

    1. Re:This is the one to watch out for by Friday · · Score: 2, Funny

      I more concerned with this one:

      8===D (!)

      Stay away from my @ss!!

      Or it'll end up looking like this.. =(*)=

      -- Never thought I get the use the goatse emoticon in a real posting ;)

  9. Re::) and :-) by VeNoM0619 · · Score: 2, Funny

    Not the ugly one, that's for sure, otherwise you find yourself handcuffed to a bed with a hangover.

    --
    Disclaimer: I am not god.
    We may not be created equal
    But we can be treated equal.
  10. Re:Stop. Really, just stop by kclittle · · Score: 1, Funny

    Flamebait??? He's spot on. Mod him "goddamn right!"

    --
    Generally, bash is superior to python in those environments where python is not installed.
  11. Re:Very.. by Anonymous Coward · · Score: 3, Funny

    "computer nerd... every bit"

    har har

  12. Re::D by Anonymous Coward · · Score: 1, Funny

    Mark my word. Next year, this day, there'll be a slashdot front page story...about security risk in using to text based emoticons.

    And people will spend the year working on the exploit.

  13. obligatory xkcd by WhiteDragon · · Score: 4, Funny

    http://xkcd.com/380/

    --
    Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
  14. Yay! The Smiley of Death! by Anonymous Coward · · Score: 1, Funny

    Ah, the Smiley of Death! Long time no see.

    Yes, I have seen people reboot their PC because of him, tho I tend to use the less virulent :(){:|:};: on the innocent, as it gives them a sporting chance of stopping it...

    But who's innocent these days? MWUAHAHA! :(){:|:&:}:&: !!!

  15. STOP PRESS! Slashcode is also vulnerable! by daybot · · Score: 2, Funny

    :O

  16. Warning! by digitac · · Score: 3, Funny

    Slashdot vulnerable to lame April Fools' jokes! Cease using immediately for at least 24 hours.

    This message brought to you by the Association of Simpleminded Slashdot Humor Adversion Team

  17. DO YOU THINK THIS IS FUNNY ? by Anonymous Coward · · Score: 1, Funny

    ARE you STUPID or waht?
    DO YOU THINK THIS IS FUNNY ?
    do you even HAVS A BRAIN ?
    Why don't you just stop posting here right now like forever and evr ?

  18. You know... by WarpCode · · Score: 3, Funny

    Regardless of it being a harmless April fools joke, Symantec is probably all ready working on a "Smiley Face Blocker".... And people will buy it...

    1. Re:You know... by K.+S.+Kyosuke · · Score: 2, Funny

      And then they will repackage it as Emoticon Exterminator Enterprise Edition...and corporations will buy it...

      --
      Ezekiel 23:20
  19. Re:Awesome by GMFTatsujin · · Score: 5, Funny

    ^_^

  20. Re:Stop. Really, just stop by poena.dare · · Score: 4, Funny

    Your problem's between the chair and the keyboard.

    Nothing wrong with my penis. What you talkin about Willis?

  21. Bobby McFerrin says: by FelixNZ · · Score: 3, Funny

    Don't worry about your data, be :)

  22. Re:Take that! :-) by lahvak · · Score: 2, Funny

    You can use a good programming editor when posting, something with syntax highlighting and parensbcwsmilies matching to keep your smilies properly balanced.

    I guess the way the infection works is you put so many smilies to make the message look like some sort of lisp code. The IM software gets confused, starts a lisp interpreter to make some sense of it, the unbalanced parenthesis cause a buffer overflow in the parser, ...

    --
    AccountKiller
  23. This is real you guys by wiedzmin · · Score: 2, Funny

    This is not a hoax, this is real you guys... I'm cereal!

    --
    Bow before me, for I am root.
  24. Re:crap anyone? by Anonymous Coward · · Score: 2, Funny

    that wasn't fun at all. I had to restart my computer. I specifically got ubuntu windows instead of microsoft because of this kind of crap!

  25. A geek girl on LJ is getting it as a tattoo by Anonymous Coward · · Score: 1, Funny

    :(){ :|:& };:

    YAY!