Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Worm Chats with Users on AIM

CowboyNeal posted more than 8 years ago | from the talking-it-up dept.

America Online 577

goldseries writes "CNet is reporting that a new IM worm chats with users to get them to down load a file containing a virus. The virus replicates its self and sends its self out to user's buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."

Sorry! There are no comments related to the filter you selected.

lol no this is not a virus (5, Funny)

pizza_milkshake (580452) | more than 8 years ago | (#14201764)

my God, this one will be unstoppable.

Re:lol no this is not a virus (1)

Koiu Lpoi (632570) | more than 8 years ago | (#14201782)

Man, when I read that summary, all I could think was "OMGLOLLMAOROFLWTFBBQR2D2!"

But seriously, that's good.

What this needs to be stopped is a way of educating users that "mypsace_11.com" being saved to your computer is NOT a website.

Re:lol no this is not a virus (4, Funny)

Koiu Lpoi (632570) | more than 8 years ago | (#14201864)

*correction*

Windows needs to be fixed so that executables renamed as PIF are NOT executed. God that's stupid.

Re:lol no this is not a virus (4, Insightful)

tpgp (48001) | more than 8 years ago | (#14202002)

Windows needs to be fixed so that executables renamed as PIF are NOT executed. God that's stupid.

How about fixing windows so that it uses execute bit in the filesystem, rather then the extension of the file to decide whether to execute something or not?

Re:lol no this is not a virus (0)

Anonymous Coward | more than 8 years ago | (#14201905)

lol ima pwn ur harddrive

Re:lol no this is not a virus (-1, Flamebait)

chris macura (899109) | more than 8 years ago | (#14201889)

What sort of moron downloads anything through AIM anyway? And who chats with random users they've never heard of before? I only chat with people I've actually met in real life, and know quite well -- otherwise I wouldn't want to chat with them.

Email is better for file exchange anyway (since you have a backup), and I hope that by now people realize they shouldn't download random shit in their email.

Still, that's a pretty cool use of AI. Not only can it talk to you, it can have a goal to persuade you. It would be fun to chat with one of these just for the hell of it.

Re:lol no this is not a virus (5, Informative)

prionic6 (858109) | more than 8 years ago | (#14201943)

This will come in to you from another AIM-user you KNOW and who is infected. Not some stranger.

Re:lol no this is not a virus (1)

saskboy (600063) | more than 8 years ago | (#14201951)

Imagine if it said:
LOLOMGBBQ!!!11!

It'd penetrate every AIM computer on the planet in minutes.

I've speculated for a while that viruses would start to use bots or AI to try and convince a user that a file sent was clean. If I ever get a file through an IM program I challenge the user before I consider opening it, and I wouldn't open something called "happy.pif" under any circumstances.

Re:lol no this is not a virus (4, Funny)

b4k3d b34nz (900066) | more than 8 years ago | (#14201959)

FTA: "A new worm that targets users of America Online's AOL Instant Messenger..."

What did anyone expect?

Re:lol no this is not a virus (4, Funny)

$RANDOMLUSER (804576) | more than 8 years ago | (#14201994)

My favorite book title is "AOL for Dummies" [amazon.com] .

Well ya. What's your point?

Re:lol no this is not a virus (4, Interesting)

meringuoid (568297) | more than 8 years ago | (#14201964)

my God, this one will be unstoppable.

Don't you just hate it when Insightful gets modded Funny?

I can picture it now. All these lusers whining about their toasted computers... 'But my buddy sent it to me! No, I know about viruses, so I asked if it was for real, and he said it wasn't a virus! It sounded just like him!'

How the hell is this going to be stopped? It's easy to beat the AOL Turing test, because these people use such a warped and simplified form of English that leaves out most of the quirks that give away the lack of any intelligence behind the text. Either we educate AOLusers - in English rather than in computer science - so that they use more complex language that machines can't readily mimic, or we shut down file transfers over IM.

I believe in AI (0)

Anonymous Coward | more than 8 years ago | (#14201770)

This worm is smarter than anyone who writes "its self". Jeebus keerist.

This is overkill (2)

bryan986 (833912) | more than 8 years ago | (#14201773)

The people who are stupid enough to type "Is this a virus?" are the same ones who would have just clicked on it before. I fail to see how this is going to spread any more than before...

Eliza Virus? (0)

Anonymous Coward | more than 8 years ago | (#14201774)

Let me know when it will have hot N3TS3X with you, and I'm in!

(First!)

Re:Eliza Virus? (5, Insightful)

meringuoid (568297) | more than 8 years ago | (#14201996)

Let me know when it will have hot N3TS3X with you, and I'm in!

The frightening thing is, that would probably be pretty easy to code. The net is full of freely-available pornographic stories; extract a whole bunch of phrases from those, use an Eliza-like system to select the right one for the circumstances and incorporate elements of what the user just said into your response...

You could write up a pretty effective cybersex bot, and you could program it to offer to send across 'cam pix' once in a while. Which would, of course, be virus-ridden.

Better yet, once you've written it you could have it communicate with sad lusers via SMS at, oh, 20p per message. And make a killing. Excuse me, I have an Eliza-bot to hack up with some pornography. bbl, d00dz.

Viruses have always talked to you (4, Informative)

thatguywhoiam (524290) | more than 8 years ago | (#14201776)

Anyone remember "give me a cookie? [netlux.org] "

evolving.. (1)

bezgin (785861) | more than 8 years ago | (#14201779)

One day they may be even yell us "All your base are belong to us!"...

Re:evolving.. (0)

Anonymous Coward | more than 8 years ago | (#14201978)

What you say!!

What is this, a turing test? (5, Funny)

grasshoppa (657393) | more than 8 years ago | (#14201781)

Question: How can you tell you are talking to a virus on AIM?

Answer: It sounds more intelligent than a normal user

Re:What is this, a turing test? (4, Funny)

FidelCatsro (861135) | more than 8 years ago | (#14201874)

Q: How many AIM Users does it take to propagate a worm
A: OMG 1337.101

Q: What's the difference between the average AIM user and a Worm
A: One is slimy , insidious , hard to get rid of and invades your system , the other is a self replicating program able to propagate over a network

Re:What is this, a turing test? (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14201975)

Dang where's a mod point when I need one. +1 Funny

"The virus hides users from seeing" (0)

Anonymous Coward | more than 8 years ago | (#14201783)

This story would be better if it were written in English.

Sadly (1)

andrewman327 (635952) | more than 8 years ago | (#14201790)

It might be the most meaningful conversation some people will have on AIM.

Seriously, though, this is an interesting combination of artificial inteligence and computer malware. I wonder if a virus writer will someday make a more advanced bot for viri delivery.

say goodbye.... (4, Funny)

xao gypsie (641755) | more than 8 years ago | (#14201792)

To every 13 year old in the US and europe.....

Re:say goodbye.... (1)

AviLazar (741826) | more than 8 years ago | (#14201832)

To every 13 year old in the US and europe.....

Since you put it this way, I am thinking of switching sides and helping to distribute this virus. Can we have it be on an 8 year life term...so when those 13 year olds turn 21 the virus disables itself?

Re:say goodbye.... (4, Funny)

rbochan (827946) | more than 8 years ago | (#14201936)

You say this likes it's a bad thing ;o)

Now if this would only hit battlenet servers...

FP (-1)

Anonymous Coward | more than 8 years ago | (#14201797)

Lol no this is not a first post

It's not the first small app that will talk to you (4, Interesting)

AviLazar (741826) | more than 8 years ago | (#14201799)

A.L.I.C.E. [pandorabots.com]

This is a small app and she will talk with you - pretty well. So the fact these guys use something similar (it might even be this app) is no big surprise.

That's why I use Trillian..I still haven't figured out how come it won't let me download files, or even get pictures from other people or even do any kind of direct connect :D

Re:It's not the first small app that will talk to (3, Informative)

DickBreath (207180) | more than 8 years ago | (#14201934)

ELIZA type programs of various flavors have been around for decades, and ran on computers that were very slow / small by today's standards. Heck, an Eliza-style program, and even its LISP interpreter could fit in 64K, or easily on half a megabyte. And that is the runtime requirement. The code itself could easily be a minor addon to a modern day malware.

If you read some classic LISP texts, such as Norvig's book on AI using Common Lisp, or another book The Elements of Artificial Intelligence, and other classic texts, there are probably a lot of algorithms that could be used.

Turn the spread of the malware into some kind of gameplay problem and use AI algorithms to optimize the "gameplay" of the spread?

N E FLAPZ 4 HER WET NALA HUN RAPE JIZZ METH (1)

JismTroll (588456) | more than 8 years ago | (#14201800)

N E HENZ
dobernala flapz r u scents!!!!??? \
D: D: D:

Hardly (1)

Azarael (896715) | more than 8 years ago | (#14201804)

Another bogus headline. You would think that a chatting virus might use one of an im robot at least, not send two static messages. I guess people will fall for it anyway.

In The Immortal Words Of ALICE.... (1)

ObsessiveMathsFreak (773371) | more than 8 years ago | (#14201813)

..."Why don't you just Download me?!!"

Automated Social Engineering on a global scale. Users will crumble before its onslaught. On the bright side, maybe this will get more people off IM.

Re:In The Immortal Words Of ALICE.... (0)

Anonymous Coward | more than 8 years ago | (#14202010)

I'm sorry; it's off-topic, but your post made me think:

"Well, why don't you just TELL ME the name of the movie you want to see???"

- Kramer

The next generation (4, Insightful)

QuaintRealist (905302) | more than 8 years ago | (#14201818)

Honestly (and no, I'm not a programmer), the potential here scares me. It seems to me that "interactive" automated intrusion is going to be a serious issue for security. Yes, the truly prudent are (as usual) safe, but the gap between the "luser" and people like me and my co-workers is going to get smaller.

I really do have some of our local users using vmplayer virtual machines to access the internet (the ones with Windows laptops) - and a lot of services shut down (chat, in particular) that some would like to use.

Those who know more than I (most of you) - any comments?

Re:The next generation (1)

Vokkyt (739289) | more than 8 years ago | (#14201976)

In situations like this, the only defense you can use effectively is common sense. However, the only truly reliable defense is really your common sense, and your weapon is the ability to give people your common sense. I work tech at an office on campus, and on slow days, it's a safe bet that most of the people in the office are on AIM. In lieu of the fact that new worms are starting to talk with people, I'm thinking giant posters that read "IF IT MENTIONS NOT HAVING A VIRUS, IT PROBABLY IS A VIRUS" might need to be posted on people's walls...however, even then I know of a few people that will eventually cave and click the link. It is sort of frightening that so many people out there are going to fall for this simple ploy. This is reminescent of a ploy I used with my mother once when hiding a kitten I found in my room...just that the worm is one deadly kitten. A good safe-guard for the common AIM user would be very useful right about now. Perhaps something that would prevent clickable links in certain situations, like schools or office complexes?

Re:The next generation (1)

pmike_bauer (763028) | more than 8 years ago | (#14202013)

...the gap between the "luser" and people like me and my co-workers is going to get smaller.
So, you are getting dumber? Maybe you have this problem [slashdot.org] .

Not so tough... (1)

farnsaw (252018) | more than 8 years ago | (#14201820)

In the virus source code, just #include eliza.h and you are all set...

Wouldn't it be easier and cheaper... (1)

aapold (753705) | more than 8 years ago | (#14201821)

to just hire a third world sweatshop to chat with people and get them to download your virus? I mean in the $$/hour for the time it took to make something reasonable...

This news has been written (-1)

Anonymous Coward | more than 8 years ago | (#14201822)

by a new worm.

In Soviet Russia... (0)

dhasenan (758719) | more than 8 years ago | (#14201823)

Viruses talk to you!

Re:In Soviet Russia... (0)

Anonymous Coward | more than 8 years ago | (#14201984)

So when will rat brains control viruses?

yes! (2, Funny)

Tachikoma (878191) | more than 8 years ago | (#14201824)

finnaly someone will talk to me on aim

Turing Test (5, Funny)

fuyu-no-neko (839858) | more than 8 years ago | (#14201825)

There's 2 ways to pass the Turing Test: make the program more intelligent, or pick examiners who are more dumb. Virus writers pick the later option.

Re:Turing Test (0)

Anonymous Coward | more than 8 years ago | (#14201855)

its self

Shouldn't it be itself?

Re:Turing Test (0)

Anonymous Coward | more than 8 years ago | (#14202005)

Virus writers pick the later option

Virus writers didn't pick any option, the blame lies with Microsoft.

Oh good! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14201829)

Now someone/thing will talk to me on AIM... :(

Hopefully (1)

Joehonkie (665142) | more than 8 years ago | (#14201834)

This will cause some smarter people to stop typing "lol" every other message.

Re:Hopefully (0)

Anonymous Coward | more than 8 years ago | (#14201966)

lol!!

Not a virus post (5, Funny)

Anonymous Coward | more than 8 years ago | (#14201835)

Tell me more about now they will even talk to you.

er... (2, Insightful)

escay (923320) | more than 8 years ago | (#14201840)

wouldn't an unknown new name on the buddy list sending you a package with the message "lol no its not a virus" be a dead giveaway?

Re:er... (1)

xero9 (810991) | more than 8 years ago | (#14201850)

These are AIM users we're talking about :)

Re:er... (1)

antiaktiv (848995) | more than 8 years ago | (#14201871)

it looks like someone on the buddy list sent it.

Re:er... (1)

generic-man (33649) | more than 8 years ago | (#14201885)

Unknown? It sends messages to everyone who's already on your buddy list.

Re:er... (1)

yendor (4311) | more than 8 years ago | (#14201903)

The virus replicates its self and sends its self out to user's buddy lists.


To me it is quite clear that it picks people who have it in the buddylist.
What makes me think is the fact that people actualy communicate like that.

These lusers don't know and they don't care (2, Insightful)

Secrity (742221) | more than 8 years ago | (#14201985)

These are the same people who also don't know and don't care that they allowed music disks to install rootkits and backdoors on their computers.

If it's so smart... (5, Funny)

Brent Spiner (919505) | more than 8 years ago | (#14201843)

how do I know that the virus didn't submit this Slashdot article? Maybe it's just propagating more lies.

/Puts tin-foil hat on

I'm holding out for the one that actually talks... (5, Funny)

Vokkyt (739289) | more than 8 years ago | (#14201846)

I mean, typing its own message is good and all, but not that impressive or scary. Now, when it is able to hijack the read text feature and play psychological mind tricks on me, that's impressive:

"Click the link Dave...why haven't you clicked the link? Do you not like me any more? If you don't, I could just go over here in the corner and format myself...after all, you don't like me anymore, else you would click the link..."

The only way it can get better after that is changing psychological mind tricks to Jedi mind tricks:

"You will click the link."

Wow! (2, Insightful)

Youssef Adnan (669546) | more than 8 years ago | (#14201848)

Only on /. could you find stuff like "down load" then shortly followed by "its self". Somebody there doesn't like to put words together, probably...

You call it a worm, I call it a conversation (1)

digitaldc (879047) | more than 8 years ago | (#14201849)

I have had better conversations with this worm than I did with 'sxybutterfly23' in AIM.
At least I got something out of the conversation other than humiliation and unrequited love.

Disclaimer for previous post (1)

digitaldc (879047) | more than 8 years ago | (#14201967)

Any resemblance to real persons, living or dead is purely coincidental. I do not chat with bots or viruses, really.

And when you remove the virus... (4, Funny)

hal2814 (725639) | more than 8 years ago | (#14201862)

And when you remove the virus it says, "I'm scared, Dave."

Re:And when you remove the virus... (1)

WormholeFiend (674934) | more than 8 years ago | (#14202026)

do viruses dream of electric bacteria?

But can it fly a plane? (1)

john83 (923470) | more than 8 years ago | (#14201865)

As ever, this will only fool idiots. The problem is the same as ever - too many idiots.

Artificially Intelligent Virus (1)

Eli Gottlieb (917758) | more than 8 years ago | (#14201866)

Well, good to see somebody's working on true AI, but I think we should wait to pass judgment on its intelligence for when it attempts to take over the world and stick human beings in pods.

Hides users from? (0)

Suidae (162977) | more than 8 years ago | (#14201868)

"The virus hides users from"...

WTF? Does it hide users from grammar too?

It won't be long (1)

Billosaur (927319) | more than 8 years ago | (#14201872)

Someone will turn the old Eliza program into a virus.

Virus: How do you feel?

You: I'm all right.

Virus: Just all right?

You: Yeah.

Virus: How do you feel about your mother?

I did this! (1)

shamowfski (808477) | more than 8 years ago | (#14201883)

I sent a link to someone yesterday, and when they asked, "Is this a virus?", I responded, "Lol, no this isn't a virus". I'm the aim bot!

The newest front (5, Insightful)

sammy baby (14909) | more than 8 years ago | (#14201888)

The virus will reply 'lol no this is not a virus.'


My friends, we are fighting a war: a war on stupidity.

And clearly, we are losing.

Re:The newest front (4, Insightful)

Anonymous Coward | more than 8 years ago | (#14202000)

My friends, we are fighting a war: a war on stupidity.

It's sort of like natural selection for computer users, except somebody else keeps coming in and fixing their computers...

No way! (1)

Volanin (935080) | more than 8 years ago | (#14201898)


IT: "Hi! It's nice to meet you!"

ME: "Who are you?"

IT: "LOL! Of course I am not a virus! By the way, click here!"


Yeah, sure thing they are evolving...

And I always thought... (1)

VisceralLogic (911294) | more than 8 years ago | (#14201899)

it was just my schizophrenia!

Landshark! (4, Funny)

erroneus (253617) | more than 8 years ago | (#14201900)

Why does this remind me of the old SNL Landshark routine?

Solution (5, Funny)

Red Flayer (890720) | more than 8 years ago | (#14201901)

"The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."

That's why I Touring-test every single person I ever chat with on IM clients. Sure, no one really wants to talk to me after 30 questions, but I kinda like sitting in an empty chat room.

Re:Solution (1)

the eric conspiracy (20178) | more than 8 years ago | (#14201946)

You would fail your own test

Another reason to use Firefox (0, Troll)

Admodieus (918728) | more than 8 years ago | (#14201902)

If your default browser is Firefox, even if you click on a link like this by accident you'll be ok. I've accidentally clicked a few of these links (as they've come from people I've known to protect their comps) and Firefox provides that nice download summary giving you the extension/file type. Since they're all .pif or something like that, you can easily avoid infecting your computer. Although I must say, a bot that chats with people to download it is pretty sophisticated. I wonder how long it'll be until they disguise worms as AIM updates or upgrades.

What would happen if... (4, Funny)

squoozer (730327) | more than 8 years ago | (#14201904)

...sombody added the virus to their buddy list. It would start chating with itself. Download itself and then infect itself thus commiting suiside. A cunning ploy, I think, to rid the world of this problem.

Does this mean? (4, Interesting)

BushCheney08 (917605) | more than 8 years ago | (#14201909)

Does this mean that September is almost over?

People are lazy these days... (2, Insightful)

jacobcaz (91509) | more than 8 years ago | (#14201916)

  • lol no this is not a virus
So it will sound like almost every other meat-head out there using instant messaging? It will blend right in! I have received less comprehendable IMs from people who would consider it a mortal sin to be anything other than professional in person or on paper.

Why does all respect for grammar and spelling (and not sounding like a 12 year old) go out the window when instant messaging technology is involed (especially in a business setting)?

Re:People are lazy these days... (0, Offtopic)

Admodieus (918728) | more than 8 years ago | (#14201980)

Because time is money even in the IM world. With probably hundreds of people on that person's buddy list, chances are they're talking to multiple people at once. Why use proper grammar to talk to one person when you can ignore netiquette and talk to five people in the same time?

Re:People are lazy these days... (2, Interesting)

jacobcaz (91509) | more than 8 years ago | (#14202022)

Because time is money even in the IM world.

Time is indeed valuable, but where in a professional setting would the equilivent of "lol" be acceptable? I can't think of anywhere I would use that, and in person or in writing most "professionals" would never dream of using that type of reduced language either.

If a person is really so busy as to be bombarded by instant messages non-stop, maybe they should evaluate what percentage are really critical and ignore the rest? That time/money saying is really all about time management!

A great book about Time Management (by the way) is "The Time Trap" [amazon.com] by R. Alec MacKenzie.

Virus Evolution (0)

Anonymous Coward | more than 8 years ago | (#14201924)

"Viruses are evolving; now they will even talk to you" Viruses aren't evolving. The fuck-offs who write these things have to get creative to find a way into the holes that they complain about existing in the Windows. It's self-fulfilling prophecy. It's lofty altruism, but without criminals trying to exploit "weaknesses" in an OS, there wouldn't be "weaknesses".

Not too intelligent (4, Informative)

mcb (5109) | more than 8 years ago | (#14201925)

I've gotten this from several people on my list in the past few days... it basically spams a message, usually the same one, every hour or so, with the same link. It just fakes the address, the real link is to: http://209.235.17.26/My_Christmas_Card.SCR [209.235.17.26]

(06:41:27) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greetings card?my_christmas_card.scr [aol.com]
This senders personal note: Merry Christmas!
(06:41:27) yyyy : Sorry, I ran out for a bit!
(08:42:59) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greetings card?my_christmas_card.scr [aol.com]
This senders personal note: Merry Christmas!

Hmm, an NLP improvement. (1)

mgoss (790921) | more than 8 years ago | (#14201929)

For a Natural Language Processing project, I wrote a perl script that would take all of your Gaim logs, build a database of things you are most likely to say, in the style you are most likely to say it. Then, as you typed, it non-obtrusively suggested the rest of the word or next word that you were currently typing. You could hit a key and it would fill it in for you

If IM bots get sophisticated enough, they could start doing something like this. Not for typing something out, but for generating messages from a person that sound a lot like them. Perhaps copying a message of sending a link they had sent earlier, just changing the link location. Then if the person replied, they could use information from the logs on how to best respond like the person.

Hmm, perhaps I shouldn't be giving anyone more ideas...

The one I got is much worse.. (1)

squison (546401) | more than 8 years ago | (#14201931)

It's called W32.Girlfriend.M and not only does it talk, it won't shut the hell up!

Headlines (0, Offtopic)

Volanin (935080) | more than 8 years ago | (#14201939)

From New Scientist [newscientist.com] :

A COMPUTER worm called Sober hit the headlines last week, reigniting people's fears about viruses. But while many may fret about infected emails, hackers are increasingly turning to stealthier ways to spread malicious software. Their latest target is instant messaging (IM), a wildly popular alternative to email that allows groups of friends or colleagues to chat online in real time.

"Hackers look at IM and they see fertile new ground," says Jonathan Christensen of FaceTime Communications, an IM security firm based in Foster City, California. "Although email continues to be a target, malicious code writers have become more creative." Even Microsoft, which supplies a proprietary instant messaging service, agrees. "Instant messaging has become a popular target for malicious hackers," says a spokesperson.

IM viruses and worms are not new. In 2001 two IM viruses called Choke and Hello struck, albeit with limited impact. But back then just 141 million people were using IM to talk online. Today 863 million people chat this way, and in March 2004 the volume of IM spam, known as spim, began to skyrocket (New Scientist, 3 April 2004, p 22). But because instant messages from your account can only be sent to your approved contact lists of friends, security experts hoped that IM worms would never take off like email-based malware.

Now, despite these protections, IM worms are beginning to cause similar damage to their email counterparts. "The sweet spot for IM worms is right now," says Jon Sakoda of IM security company IMlogic in Waltham, Massachusetts.

On April 14, the UK-based news agency Reuters had to remove 60,000 clients from its Microsoft messaging service for 20 hours after it detected an attempted invasion by a worm called Kelvir. IMlogic reports a threefold increase in the number of new IM worms released in the first three months of this year compared with 2004. And during this month and last a new IM worm variant has appeared almost every day, according to FaceTime.

Kelvir and another widespread worm called Bropia were detected on 6 March and 19 January respectively. They both use a piece of publicly available code called an application programming interface (API) to infect Microsoft IM networks, and spread via messages that appear to come from a trusted friend, but actually contain malicious web links. Click on one and it automatically downloads a virus that gives a hacker remote control of your PC.

The links are embedded within casual, friendly or salacious comments depending on the worm variant. Hackers have even programmed some Kelvir worms to chat with the victim before sending the link, to persuade the recipient they are talking to a friend. The worm's stock responses are sent blindly, regardless of how the victim replies, so these "conversations" can seem fragmented and illogical. But this is not uncommon even in genuine IM chat, due to the short time delay between sending and receiving messages. "It always shocks me how well these social engineering attacks end up working," says Nicholas Weaver, a security expert at the International Computer Science Institute in Berkeley, California.

Other worms such as Gabby, which surfaced on 26 April, target AOL's Instant Messenger, gaining access to contact list addresses through a flaw in the software rather than using API. And in March, a spat broke out between IM virus writers (similar to turf wars between email virus writers) when the IM worm Fatso (otherwise known as Sumom or Serflog) contained expletives aimed at the writer of the worm Assiral, which in turn was designed to disable Bropia.

Graham Cluley, a security consultant at UK-based anti-virus firm Sophos, says that email still poses a bigger threat. "While IM viruses may be on the rise, I think there will always be more people with access to email," he says. He points out that the Sober worm that struck last week, which also gives hackers remote control access to infected computers, accounted for 4 per cent of all email sent on 4 May.

But the danger is that while practically every company today has anti-virus protection for email, Sakoda estimates that 80 per cent of the US's 1000 wealthiest companies are using IM networks, yet just 10 per cent also have IM security protection. "Email worms are clearly alive and well, but the vulnerability of organisations to IM threats is much, much greater than to email," he says.

Quake 2 Ratbot (2, Interesting)

TheFlyingGoat (161967) | more than 8 years ago | (#14201942)

Anyone who played Quake2 must be familiar with ratbot. It would respond with "Yeah !!! I am a R A T B O T !!!!! ?? " or "Please help me !!! What is a bot ??" if someone's message included the text "ratbot". This worm reminds me of that... annoying, but in a really funny way.

Virus Scanners cannot remove the human element (1)

rascanban (732991) | more than 8 years ago | (#14201950)

This evolution is very efficient. It would seem that as the virus scanners become more advanced and email/chat scanners begin to pick up on the spread of different virus types, the virus writers have reversed their attack type. Rather than try to hide from the scanners, they attack the weakest element in the virus defense chain - the users. Users are more easily fooled than scanners, and by writing code clever enough to interact with the user, the virus writers are bypassing the security offered by the "professional" tools. Quite genius. I once heard that many (if not all) advances in Internet technology have come as a result of porn, spam, or virus writers (some caused by companies creating needed defenses for these type of developers). This seems to be in accord with that line of thought.

How dumb can you be? (1)

4D6963 (933028) | more than 8 years ago | (#14201954)

How dumb can one be to click that thing? Most of the time it's gotta be like that :

PossessedSN : lol thats cool http://foo.bar/clarissa17.pif [foo.bar]
NormalUser : who r u???
PossessedSN : lol no its not its a virus

Now if the NormalUser thinks it's someone normal talking to them, he's quite dumb.

In Any Language.... (1)

Volanin (935080) | more than 8 years ago | (#14201962)

From Instant Messaging Planet [instantmes...planet.com] :

A new "multiple language" smart worm is spreading through Instant Messaging, checking system settings of IM clients and then sending messages in the appropriate language. The virus appears to be a new variant of the Kelvir instant messaging (IM) worm dubbed Kelvir.HI, propagating over a leading public IM network, said security firm Akonix.

Akonix says it is the first worm ever identified that intelligently checks system settings and delivers the worm in the proper language. "The rise of IM threats is mostly 2005 phenomena," Francis Costello, CTO at Akonix, said. "For the most part these social engineering attacks are pretty basics. Except this one."

Costello also said this form of advanced social engineering, where a virus discovers which language a user is working in, and then propagates itself in the same language, is a trend likely to continue. So far the worm has only been spotted on the MSN IM client.

"It figures if you're speaking French, your buddy is also speaking French," he said.

Earlier this month, the Akonix Security Center reported a total 42 new threats aimed at corporate IM systems in July, which is a 24 percent increase over the previous month.

The Akonix Security Center has classified the most recent worm as low risk and immediately used the industry's only real-time IM malware, SPIM and protocol update system to automatically push updates to customers for protection against this threat.

So far the smart worm has been spotted in 10 languages, delivering the same line: "haha i found your picture!" The languages are: English, Spanish, Dutch, French, German, Greek, Swedish, Italian, Portuguese and Turkish. The virus moves once users click on the link in the message, a copy of the Spybot worm is automatically downloaded to their computer. Spybot is a backdoor program that, among other malicious activity, can end security applications, log keystrokes and receive remote commands, according to Akonix.

New Message (1)

schlichte (885306) | more than 8 years ago | (#14201969)

When a new message comes in from someone not on your list it gives the dialog "The following user has sent you a message" Now for this bot, is it going to be the same user name, or random one everytime?

I saw Hackers (2, Funny)

ennerseed (463366) | more than 8 years ago | (#14201971)

Viruses have been able to talk to you for a decade, man get with it.

The Enemy (4, Funny)

Moby Cock (771358) | more than 8 years ago | (#14201982)

'lol no this is not a virus.'

That is exactly what a virus would say. The response should be:

lol, yeah, I AM a virus!!!1!!

That would be unstoppable.

Well, my house is safe! (4, Interesting)

Tiberius_Fel (770739) | more than 8 years ago | (#14201983)

My house is safe. We switched my teenaged sister to a Mac, and the number of viruses entering the house quickly dropped to zero. No matter how many times I said "Don't click on the link you get in IMs...". Problem solved!

What I'd like to see (0)

Anonymous Coward | more than 8 years ago | (#14201987)

is an AIM virus that erases the faulty Windows install on the user PC and replaces it with Ubuntu.

Whay hasn't anyone done this yet?

If your AIM responds with... (2, Funny)

Capt James McCarthy (860294) | more than 8 years ago | (#14202003)

"What happen?" "What !" "What You Say !!" "It's You !!" "HA HA HA HA ...." That may be a clue to walk away at that point.

Viruses are evolving? (2, Interesting)

nekoniku (183821) | more than 8 years ago | (#14202008)

Viruses are evolving

Seriously now, are viruses really evolving or is it just that the techniques used by virus writers are evolving? And my Inner Philosopher wants to know if there's a difference and if this has anything to do with Intelligent Design.

I better stop now.

Eliza flashbacks (2, Interesting)

Havenwar (867124) | more than 8 years ago | (#14202016)

Always interesting to see how virus technology evolves. But this... well just reminds me of a t-shirt note I saw somewhere... "Because there is no patch for human stupidity."

Some people just can not be educated.

Good! (2, Funny)

Moby Cock (771358) | more than 8 years ago | (#14202023)

Viruses are evolving; now they will even talk to you

Good! At least something will! The wife has been giving me the cold shoulder since the ... incident.

LOL (5, Funny)

jayayeem (247877) | more than 8 years ago | (#14202027)

This post is not a troll
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?