New IM worm chats with intended victims

By Joris Evers
Posted on ZDNet News: Dec 7, 2005 1:43:00 AM

You can now instant message with a worm.

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned Tuesday.

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.

The malicious file disables security software, installs a backdoor and tweaks system files, the company said. Then it starts sending itself to contacts on the victim's buddy list.

But the worm is programmed so that the infected user cannot see the messages that are being sent out by the worm, according to IMlogic.

"This is a first," said Andrew Burton, director of product management at Waltham, Mass.-based IMlogic. This worm is not widespread, but attackers are just trying out this new technique, he said. "We will see one or two instances of an attack, there will be a refinement and then there will be an outbreak."

The inclusion of an IM bot is another sign that IM worms are becoming more sophisticated. Another worm, also spotted on Tuesday, takes a more traditional route: it spreads under the guise of a holiday greeting card, IM security specialist Akonix Systems said Tuesday.

The holiday worm, dubbed Aimdes.E, targets AIM users and arrives with the message: "The user has sent you a Greeting Card, to open it visit:" followed by a link. Once the target clicks on the link, the worm installs itself on the system. It opens a backdoor on the computer and sends itself to contacts on the buddy list, Akonix said.

Advice to users is to be careful when clicking on links in IM messages--even when they seem to come from friends--and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 56 Talkback(s)

Thread View
Flat View

Toadlife your a bafoon: yes and you can be a complete moron and run as administrator. I can imagine you do this. I never said you couldn't have more than one admin. I would suggest getting a pair of reading glasses for toad ... (Read the rest); Posted by: IceTheNet@... Posted on: 06/30/06 You are currently: Logged In | Log out

Funny all the problems Windows users have to deal with!! DonnieBoy | 12/06/05

I'm on Windows, and still no problem mdemuth | 12/06/05

It didn't say "Windows" rick752 | 12/06/05

but it did say ".pif" rafe01 | 12/07/05

True, but the point is .... rick752 | 12/07/05

not as easy on linux IceTheNet@... | 12/07/05

Read the Trend Micro link in the story. B.O.F.H. | 12/07/05

You would... toadlife | 12/06/05

...unlikely rafe01 | 12/07/05

You can't run programs on Linux? NonZealot | 12/07/05

.rpm files and running them Mil-spec-guy | 12/07/05

I agree with all your points NonZealot | 12/07/05

Nonzealot is right worknman | 12/07/05

L-Users And software Vulnerability chromeronin | 12/07/05

it's acctually simple IceTheNet@... | 12/07/05

IceTheNet, you know suprisingly little about unix/linux toadlife | 12/07/05

Toadlife your a bafoon IceTheNet@... | 06/30/06

Flame bait EJHonda | 12/07/05

Re: Funny all the problems Windows users have to deal with!! bugcrash_z | 12/07/05

linux? MIS Master | 12/07/05

Linux? hcoles | 12/07/05

Problems? Loverock Davidson | 12/07/05

dear Amazing hcoles | 12/07/05

Reboot Windows Servers Daily? PMC-CON | 12/07/05

Linux nevtxjustin@... | 12/07/05

My OS is bigger than your OS! AckItsMe2 | 12/07/05

My Dick IceTheNet@... | 12/07/05

Funny how "safe" Linux is tjleeland | 12/07/05

wireless bigdorkpeter@... | 12/07/05

Agreed the_slash | 12/07/05

(g)AIM D-cat | 12/07/05

No you have your own set of problems unique to Linux Jeff the god of biscuits | 12/07/05

PIFs? too_much green_tea | 12/06/05

PIFs? electro@... | 12/07/05

True, but the point is .... rick752 | 12/07/05

Oops ... ignore above post ...wrong thread rick752 | 12/07/05

Don't chat with people you don't know. CobraA1 | 12/07/05

Re: Don't chat with people you don't know chadle78 | 12/07/05

Re: Reading aptitude - Confused by religion | 12/07/05

Sage advice doclandis@... | 12/07/05

You'd be surprised.... Wolfie2K3 | 12/07/05

This Worm Comes from people you know Buster H- WB | 12/07/05

Safty do's and don'ts chromeronin | 12/07/05

AIM dos and DON'TS MrNasty000 | 12/07/05

AIM dos and DON'TS IceTheNet@... | 12/07/05

Hey script kiddie toadlife | 12/07/05

If you don't know who I am you better ask someone IceTheNet@... | 12/07/05

I know who you are toadlife | 12/07/05

You think THIS is bad? ... read this! rick752 | 12/07/05

Common sense! mozart_z | 12/08/05

What the hell? ceasar_z | 12/08/05

What the hell lobo1953 | 12/09/05

a first? I think not heml0ck | 12/09/05

Aol IM worm flakyfun | 12/10/05

AOL IM WORM CHATS WITH YOU! fakir005@... | 12/10/05

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

BNET Industries
Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
The technology industry from a different angle
See what's hot in the auto industry
Stay on top of the energy industry