×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Instant Messaging Vulnerable To New Smiley Attacks

timothy posted about 5 years ago | from the clever-really dept.

Security 170

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

170 comments

Virus Smiles!?! (4, Funny)

Anonymous Coward | about 5 years ago | (#27423187)

Uh-oh, I knew all those 14 year old girls were really 1337 ha>0rz...

Re:Virus Smiles!?! (5, Funny)

Leafheart (1120885) | about 5 years ago | (#27423209)

I thought that was the reason for all the "Download best smiles EVER for MSN" links I saw around.

Re:Virus Smiles!?! (0)

Anonymous Coward | about 5 years ago | (#27423749)

I liked this idea [thecoffeedesk.com] better than /.'s sorry excuse for humor.

Take that! :-) (5, Funny)

betterunixthanunix (980855) | about 5 years ago | (#27423195)

And that! :-) (-:

Re:Take that! :-) (5, Funny)

Jason Levine (196982) | about 5 years ago | (#27423391)

Ack! Now I'm :-) infected. How could :-) you go posting :-) such a virulent :-) virus where :-) everyone could see i:-)t? I thin:-)k th:-)e inf:-)ect:-)ion's g:-)et:-)tin:-)g wo:-)rs:-)e n:-)o:-)w. I:-)'m of:-)f t:-)o pa:-)t:-)ch:-) m:-)y s:-)ys:-)te:-)m. :-):-):-):-):-)

DO YOU THINK THIS IS FUNNY ? (1, Funny)

Anonymous Coward | about 5 years ago | (#27423763)

ARE you STUPID or waht?
DO YOU THINK THIS IS FUNNY ?
do you even HAVS A BRAIN ?
Why don't you just stop posting here right now like forever and evr ?

Re:DO YOU THINK THIS IS FUNNY ? (1)

interkin3tic (1469267) | about 5 years ago | (#27423883)

What's funny is that my first reaction as I read the article was, "doesn't yeast produce wastes that are foreign and toxic to the human body?" And wouldn't you know it, the next section was entitled, "Waste problem". Guess they're reading my mind. :-P

:(

:~(

Re:DO YOU THINK THIS IS FUNNY ? (1)

interkin3tic (1469267) | about 5 years ago | (#27423905)

Oops, sorry, that was a failure of copying, pasting, and previewing... uh... intentionally. April fools?

Re:Take that! :-) (1)

saskboy (600063) | about 5 years ago | (#27423819)

Fortunately (-: reverses the :-) infection. (-:

The trick is getting the infectious smilies and disinfecting smilies into perfect balance. McAfee and Symantec will have products available for that shortly, sure to take your smile away when you pay them for the anti-smile software.

omgponies! :) (0)

Anonymous Coward | about 5 years ago | (#27423207)

:P pwned! :D

Very.. (1)

kheldan (1460303) | about 5 years ago | (#27423211)

..effing funny. You guys should be on stage in Vegas or something.

Re:Very.. (4, Funny)

Brett Buck (811747) | about 5 years ago | (#27423265)

Yeah, opening for Kathy Griffin.

      April Fools Day is always a great opportunity to see that computer nerd humor is every bit as good as computer nerd social skills and personal hygiene.

        Brett

Re:Very.. (3, Funny)

Anonymous Coward | about 5 years ago | (#27423471)

"computer nerd... every bit"

har har

Re:Very.. (0)

Anonymous Coward | about 5 years ago | (#27423557)

hahaha... yours was the first post here that actually made me laugh.

Re:Very.. (0)

Anonymous Coward | about 5 years ago | (#27423629)

Which reminds me... we're the first of the month. Today is shower day!

Re:Very.. (0)

Anonymous Coward | about 5 years ago | (#27423633)

Kathy Griffin is an unfunny ugly biotch.

Disabled... (1)

TurboNed (1370389) | about 5 years ago | (#27423213)

This is why I've disabled my smilies and only post mine backwards so they don't get parsed. I don't want to be considered a hacker... (-:

Re:Disabled... (0)

Anonymous Coward | about 5 years ago | (#27423899)

Based on a number of your posts, I would say that you absolutely are not a hacker. But I am also guessing that you are not capable of being a cracker or even a SK.

thats a good one (0)

stocke2 (600251) | about 5 years ago | (#27423219)

this is one of the funniest I have heard today, along with the squeeze bacon from thinkgeek

Re:thats a good one (0)

Anonymous Coward | about 5 years ago | (#27423259)

Squeeze Bacon was a Aprils Fool's Joke, damn was going to get me some.

DAMMIT! (0)

Anonymous Coward | about 5 years ago | (#27423225)

I knew that frowny face was out to get me!

In the spirit (2, Insightful)

tsstahl (812393) | about 5 years ago | (#27423227)

For the love of all that's decent, make it stop!

Publishing these holes only encourages further malicious activity!

Re:In the spirit (1)

evilbessie (873633) | about 5 years ago | (#27423799)

I believe what you meant to say was *sigh*, it's not going to stop today. You knew it was coming you could just have avoided the interwebs today.

Stop. Really, just stop (4, Insightful)

arkham6 (24514) | about 5 years ago | (#27423277)

Please? OK? One or two stories is acceptable, even if they are not funny. Multiple stories each year is just annoying.

MOD PARENT UP! (0)

Anonymous Coward | about 5 years ago | (#27423413)

this crap is just getting old.

Re:Stop. Really, just stop (1, Funny)

kclittle (625128) | about 5 years ago | (#27423463)

Flamebait??? He's spot on. Mod him "goddamn right!"

Re:Stop. Really, just stop (5, Insightful)

MobileTatsu-NJG (946591) | about 5 years ago | (#27423751)

Flamebait??? He's spot on. Mod him "goddamn right!"

Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH. Your problem's between the chair and the keyboard.

Re:Stop. Really, just stop (4, Funny)

poena.dare (306891) | about 5 years ago | (#27423991)

Your problem's between the chair and the keyboard.

Nothing wrong with my penis. What you talkin about Willis?

Re:Stop. Really, just stop (1)

JCSoRocks (1142053) | about 5 years ago | (#27424015)

I concur. My PEBKAC scanner went apecrap when I scrolled by the GP's post.

Now then, anyone hear anything about a patch for this smiley virus?

Re:Stop. Really, just stop (0)

Anonymous Coward | about 5 years ago | (#27424023)

The problem is: It's full of this BS storys and they keep coming. Some of them were ok but this one in particular wasn't even remotely funny.

Just leave it at two or three April Fools' stories next year but don't spam everything.

Re:Stop. Really, just stop (1)

Vohar (1344259) | about 5 years ago | (#27423483)

Yeah, they're really running it into the ground. Wish I had mod points to undo that 'flamebaid' mod he got.

Leave that poor dead horse alone!

Yawn.... (1, Informative)

Anonymous Coward | about 5 years ago | (#27423797)

I'm getting really bored at all these silly April 1st stories.

I think for a little excitement I should go and punch Cowboy Neal in the face and kick him in the nutsack too.

Now don't you think that would be funny?

:D (1)

DrugCheese (266151) | about 5 years ago | (#27423283)

How about you just turn off those annoying smiles then? Problem solved?

I prefer text based emoticons anyway :p

Re::D (1, Funny)

Anonymous Coward | about 5 years ago | (#27423485)

Mark my word. Next year, this day, there'll be a slashdot front page story...about security risk in using to text based emoticons.

And people will spend the year working on the exploit.

Re::D (0)

Anonymous Coward | about 5 years ago | (#27423581)

How about you just turn off those annoying smiles then? Problem solved?

Because sometimes you just cant express yourself properly without a few dozen 3 inch wide smileys with glitter text

Virus Variant (5, Funny)

JerryLove (1158461) | about 5 years ago | (#27423293)

As I understand it, there is already a variant out undetectable to anti-smiley software as it embeds itself in a frowny-face.

I wonder if it's transmittable on a discussion board as well? :(

Re:Virus Variant (0)

Anonymous Coward | about 5 years ago | (#27423441)

Oh no, I'm infected !!!

My favorite holiday (3, Insightful)

Weaselmancer (533834) | about 5 years ago | (#27423377)

"Slashdot Is Broken Day!"

Oh please, please someone post a release date for Duke Nukem Forever! Or a story about how Microsoft is publishing their source code base under the GPL.

IT'S NOT TIRED AND BORING AT ALL.

Re:My favorite holiday (2)

Dun Malg (230075) | about 5 years ago | (#27423961)

The only positive thing I can say about today is that it's better than it was a a year or two ago, when every fucking story was a joke, and not a single one of them was even the slightest bit clever or believable. This one story at least has the obfuscation of assembly language to make it look plausible, and we have a real blurb about conficker, so we're already ahead.

some text (0)

Anonymous Coward | about 5 years ago | (#27423379)

\(^-^)/ ...stupid filter

More fun with smilies... (4, Funny)

6Yankee (597075) | about 5 years ago | (#27423395)

I've always thought that it would be far more fun to get into someone's system (actually, lots of people's systems) and replace the smiley images. You send :) and, instead of getting a smiley face, they see an image that contains a sexually explicit proposition in the default MSN font. Imagine the chaos.

Fortunately for the world, I can't write viruses. :D

:(){ :|:& };: anyone? (5, Informative)

TinBromide (921574) | about 5 years ago | (#27423419)

:(){ :|:& };:

There, punch that into your terminal and see the poweer of the smiley.

Yay! The Smiley of Death! (1, Funny)

Anonymous Coward | about 5 years ago | (#27423603)

Ah, the Smiley of Death! Long time no see.

Yes, I have seen people reboot their PC because of him, tho I tend to use the less virulent :(){:|:};: on the innocent, as it gives them a sporting chance of stopping it...

But who's innocent these days? MWUAHAHA! :(){:|:&:}:&: !!!

This is the one to watch out for (3, Funny)

thetoadwarrior (1268702) | about 5 years ago | (#27423431)

8===D

It always leads to trouble.

Re:This is the one to watch out for (1)

AmigaHeretic (991368) | about 5 years ago | (#27423561)

I more concerned with this one:

8===D (!)

Stay away from my @ss!!

Re:This is the one to watch out for (2, Funny)

Friday (27240) | about 5 years ago | (#27423743)

I more concerned with this one:

8===D (!)

Stay away from my @ss!!

Or it'll end up looking like this.. =(*)=

-- Never thought I get the use the goatse emoticon in a real posting ;)

Bugtraq (3, Insightful)

just_another_sean (919159) | about 5 years ago | (#27423439)

I received this in a bugtraq message earlier and just ignored it, thinking huh, I should read that later. Having read it here I went back and checked it out in full. Did anyone actually run the Ruby code attached to the blog/bugtraq?

Oh now I get it! (0)

Anonymous Coward | about 5 years ago | (#27423455)

You ONLY publish April Fools' news!
I was reading through the main page thinking what the hell.

I've discovered a similar vulnerability (1)

jollyreaper (513215) | about 5 years ago | (#27423491)

(o)(o) - here's a vulnerability encoded in bewbs.

I would have more examples but Slashdot refuses to render characters in a fixed-width fashion, foiling any further attempts at character art jokes.

obligatory xkcd (4, Funny)

WhiteDragon (4556) | about 5 years ago | (#27423519)

touche! ][:=~+ (0)

Anonymous Coward | about 5 years ago | (#27423933)

you have to look at the mouseover text:
"U+FDD0 is actually Unicode for eye of the basilisk, though for safety reasons no font actually renders it."

On a similar note, take this!
][>:=~+

http://www.smbc-comics.com/index.php?db=comics&id=177

High payload (1)

renrutal (872592) | about 5 years ago | (#27423521)

Σ(ï¾YÐ"ï¾Y)

Re:High payload (1)

renrutal (872592) | about 5 years ago | (#27423531)

It seems Slashdot blocks malware in Unicode...

Re:High payload (1)

dingo8baby (1262090) | about 5 years ago | (#27423575)

too much Zalgo. ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)ÒÌÌzÌYÌÌ-Ì--ÌÌ(TM) ---HÒÌÌzÌYÌÌ-Ì--ÌÌ(TM)... :(

what a relief! (1)

f4k3r (642406) | about 5 years ago | (#27423585)

i think it would be pretty awesome if all those people who can't use their native language well enough to express their mood/feelings with words would just magically go offline ... that would be a great day!

A real april fools would have been... (1)

jw3 (99683) | about 5 years ago | (#27423617)

...if one of these hard to believe, so obviously April Fools stories actually turned out to be true. That would have been the *real* April Fools in a really good style. An artfully crafted provocation, made to look stupid and be almost unbelievable... everybody takes it for another lame joke -- and then... tada! April Fools! Your computer actually was compromised by a malicious smiley.

Because until now, the April Fools day on slashdot is ...sad.

j.

Re:A real april fools would have been... (1)

Petrushka (815171) | about 5 years ago | (#27424005)

...if one of these hard to believe, so obviously April Fools stories actually turned out to be true.

Remember when Gmail launched?

Stop this! (0)

Anonymous Coward | about 5 years ago | (#27423685)

Will you please stop this now?

Moderating (0)

Anonymous Coward | about 5 years ago | (#27423687)

I have moderator points pending. Is there a way to moderate a submitted story as "unfunny"?

j.

Warning! (3, Funny)

digitac (24581) | about 5 years ago | (#27423689)

Slashdot vulnerable to lame April Fools' jokes! Cease using immediately for at least 24 hours.

This message brought to you by the Association of Simpleminded Slashdot Humor Adversion Team

(: Global impact (: (0)

Anonymous Coward | about 5 years ago | (#27423695)

So...

Does it work in Australia?

Did anyone actually run the code? (2, Interesting)

fader (107759) | about 5 years ago | (#27423711)

I'm paranoid, as my idea of a good AFJ would be publishing genuinely malicious code as joke malicious code.

You know... (3, Funny)

WarpCode (1519261) | about 5 years ago | (#27423845)

Regardless of it being a harmless April fools joke, Symantec is probably all ready working on a "Smiley Face Blocker".... And people will buy it...

Slashdot useless on April, 1st (1)

fadir (522518) | about 5 years ago | (#27423879)

One, if really necessary 2 subtle jokes are fine but this bombardement of nonsense is just annoying.

Those "jokes" are so obvious, it's not even remotely entertaining.

Too bad... (1)

SebaSOFT (859957) | about 5 years ago | (#27423911)

I don't want to be in your contact list...

Oh April's fool! I get it! Is this supposed to be a joke? I'd stay with the lynx text browser....

don't panic (1)

dkarma (985926) | about 5 years ago | (#27423971)

Its just time to turn off smileys with that nice little checkbox most IMs have these days. smileys are a dumb misnomer anyway. a yellow face w/ a middle finger in the air is not smiley at all

Yes, unicode strikes again. (1)

dschmit1 (1353767) | about 5 years ago | (#27424059)

This asdfhsdhafiihueaein,,zuew and (.Y.) --that really aren't different. I guess I don't get how the smileys make a differences or why I can't just send my malicious messages with plain alphanumeric, or gasp! scripts, ie Japanese written word.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...