Slashdot Mirror

← Back to Stories (view on slashdot.org)

Instant Messaging Vulnerable To New Smiley Attacks

Posted by timothy on Wednesday April 1, 2009 @08:11AM from the clever-really dept.

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

3 of 170 comments (clear)

Min score:

Reason:

Sort:

:) and :-) by superpaladin · 2009-04-01 08:13 · Score: 2, Interesting

which is safer?
So? by CopaceticOpus · 2009-04-01 08:36 · Score: 2, Interesting

That's nothing, I can insert malicious code into the space between those smileys.
Did anyone actually run the code? by fader · 2009-04-01 08:56 · Score: 2, Interesting

I'm paranoid, as my idea of a good AFJ would be publishing genuinely malicious code as joke malicious code.

--
- fader