Instant Messaging Vulnerable To New Smiley Attacks

← Back to Stories (view on slashdot.org)

Instant Messaging Vulnerable To New Smiley Attacks

Posted by timothy on Wednesday April 1, 2009 @08:11AM from the clever-really dept.

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

18 of 170 comments (clear)

Min score:

Reason:

Sort:

Virus Smiles!?! by Anonymous Coward · 2009-04-01 08:12 · Score: 4, Funny

Uh-oh, I knew all those 14 year old girls were really 1337 ha>0rz...
1. Re:Virus Smiles!?! by Leafheart · 2009-04-01 08:14 · Score: 5, Funny
  
  I thought that was the reason for all the "Download best smiles EVER for MSN" links I saw around.
  
  --
  --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
2. Re:Virus Smiles!?! by sunami88 · 2009-04-01 09:00 · Score: 5, Funny
  
  Dad: Who hacked us!?
  
  Granny: idk my bff jill?
  
  I'll go kill myself now.
  
  --
  Sex. Drugs, and Unix.
Take that! :-) by betterunixthanunix · 2009-04-01 08:13 · Score: 5, Funny

And that! :-) (-:

--
Palm trees and 8
Mom was right. by rackserverdeals · 2009-04-01 08:15 · Score: 4, Funny

Smiles are contagious.

--
Dual Opteron < $600
Re:Very.. by Brett+Buck · 2009-04-01 08:18 · Score: 4, Funny

Yeah, opening for Kathy Griffin.
April Fools Day is always a great opportunity to see that computer nerd humor is every bit as good as computer nerd social skills and personal hygiene.
Brett
Stop. Really, just stop by arkham6 · 2009-04-01 08:18 · Score: 4, Insightful

Please? OK? One or two stories is acceptable, even if they are not funny. Multiple stories each year is just annoying.
1. Re:Stop. Really, just stop by MobileTatsu-NJG · 2009-04-01 08:59 · Score: 5, Insightful
  
  Flamebait??? He's spot on. Mod him "goddamn right!"
  Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH. Your problem's between the chair and the keyboard.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
2. Re:Stop. Really, just stop by poena.dare · 2009-04-01 09:21 · Score: 4, Funny
  
  Your problem's between the chair and the keyboard.
  Nothing wrong with my penis. What you talkin about Willis?
3. Re:Stop. Really, just stop by blackfrancis75 · 2009-04-01 09:44 · Score: 5, Informative
  
  Slashdot is operational 364 days a year.
  actually 364.24222 days a year .. and you call yourself a nerd?
Virus Variant by JerryLove · 2009-04-01 08:20 · Score: 5, Funny

As I understand it, there is already a variant out undetectable to anti-smiley software as it embeds itself in a frowny-face.
I wonder if it's transmittable on a discussion board as well? :(
Re:Take that! :-) by Jason+Levine · 2009-04-01 08:27 · Score: 5, Funny

Ack! Now I'm :-) infected. How could :-) you go posting :-) such a virulent :-) virus where :-) everyone could see i:-)t? I thin:-)k th:-)e inf:-)ect:-)ion's g:-)et:-)tin:-)g wo:-)rs:-)e n:-)o:-)w. I:-)'m of:-)f t:-)o pa:-)t:-)ch:-) m:-)y s:-)ys:-)te:-)m. :-):-):-):-):-)

--
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
More fun with smilies... by 6Yankee · 2009-04-01 08:27 · Score: 4, Funny

I've always thought that it would be far more fun to get into someone's system (actually, lots of people's systems) and replace the smiley images. You send :) and, instead of getting a smiley face, they see an image that contains a sexually explicit proposition in the default MSN font. Imagine the chaos.
Fortunately for the world, I can't write viruses. :D
:(){ :|:& };: anyone? by TinBromide · 2009-04-01 08:29 · Score: 5, Informative

:(){ :|:& };:

There, punch that into your terminal and see the poweer of the smiley.

--
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
The problem with /. April fool's... by PinkyDead · 2009-04-01 08:32 · Score: 5, Insightful

...is that some of the real stories are less plausible.

--
Genesis 1:32 And God typed :wq!
obligatory xkcd by WhiteDragon · 2009-04-01 08:40 · Score: 4, Funny

http://xkcd.com/380/

--
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
Re:Awesome by GMFTatsujin · 2009-04-01 09:12 · Score: 5, Funny

^_^
While this may well be a joke... by Wiseleo · 2009-04-01 10:05 · Score: 4, Informative

...in reality there are 3rd party smiley add-ons that work with IM software. You can recognize them by the "Your buddy sent you a smiley, to see it you need to install X software" type of IMs.
That software is not exactly good for your computer either.
For example: http://emoticons.smileycentral.com/yahoo-smileys.jsp
And its EULA http://helpint.mywebsearch.com/intlinfo/eula/eula.jhtml
Choice quotes from EULA
UNIFIED REGISTRATION: As a service to our users, we may consolidate registration data for Webfetti, My Fun Cards, Kazulah, Smiley Central and certain other specified websites, services or applications accessible via the Toolbar, so that users are only required to provide registration information once, and would then be able to use the same unique ID and password to access all such websites, services or applications.
Passwords. In order to access certain services, you may be required to accept additional terms and conditions and/or establish an account including an unique ID and password
After reading that EULA, which references a bunch of other EULAs... that's enough to send my head spinning.

--
Leonid S. Knyshov
Find me on Quora :)