Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Santa IM Worm Hits AOL, MSN and Yahoo

samzenpus posted more than 8 years ago | from the bad-santa dept.

Security 149

elmtree95 writes "CNET News reports A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer. The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file. IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue."

Sorry! There are no comments related to the filter you selected.

WTF? (0, Offtopic)

ZiakII (829432) | more than 8 years ago | (#14315065)

harmless Santa Claus file.

Whiskey Tango Foxtrot?

Re:WTF? (3, Funny)

User 956 (568564) | more than 8 years ago | (#14315150)

You've never heard of a .Claus file? You can open it with Stuffit Expander.

(Yeah, I never have it installed, either)

Re:WTF? (1)

TerminalInsanity (720167) | more than 8 years ago | (#14315538)

wtf for sure. who the hell downloads a file from some random person on the internet?
and even then, you would have to be near brain dead to run it.

what are these people thinking... i think mcafee/norton/etc should get together and make some basic '10 rules to avoid viruses' bs, maybe if we add an annoying jingle to it, these people might get it. WTF

Re:WTF? (2, Informative)

MntlChaos (602380) | more than 8 years ago | (#14315647)

except they're not random people. You'd think they were your friends.

I bet it isn't as good as: (4, Funny)

Anonymous Coward | more than 8 years ago | (#14315069)

"lol, it's not a virus."

Presents (3, Funny)

lord_sarpedon (917201) | more than 8 years ago | (#14315073)

Oh boy! A Bonzi Buddy! Just what I wanted. Thank you, Santa.

Gee, not even Santa Claus loves Mac users. (2, Funny)

crovira (10242) | more than 8 years ago | (#14315080)

Gee, first post.

As a Mac user I feel really lonely.

Santa has less love for Linux users... (4, Funny)

cloricus (691063) | more than 8 years ago | (#14315242)

You guys are the lucky ones as you can just ignore this lump of coal. Us poor Linux users will be up all Christmas night hacking away at wine to get this worm emulated so we don't feel left out.

Convincing the Windows crowd that we are compatible is such a pain... :(

Re:Santa has less love for Linux users... (0)

Anonymous Coward | more than 8 years ago | (#14315457)

After being hacked recently, I'm convinced that Linux users have it worse for a few reasons. A) Windows exploits are relatively easy to foil...a decent HW firewall should stop 99% of anything and B and C go together, being that B) Someone exploiting a linux box is prolly a step above the average script kiddie and C) because of that, they prolly want more than just a ddos zombie or somesuch - they prolly are using you as a base to hack from - leaving you vulnerable to legal repercussions.

That said............I feel fairly confident that if you aren't running servers you should be pretty much OK but who knows. I was behind a firewall with few publically accessible ports. I have a feeling they may have gained entrance through a shady package install.

Re:Santa has less love for Linux users... (1)

daliman (626662) | more than 8 years ago | (#14315889)

a) should cover you for linux as well, unless there's a vulnerability in iptables. Or unless you're a muppet who left yourself and run foolish servers - like the normal windows crowd.

Re:Santa has less love for Linux users... (1)

Crayon Kid (700279) | more than 8 years ago | (#14315703)

You guys are the lucky ones as you can just ignore this lump of coal.

C.a.r.b.o.n. It's called Carbon.

Re:Santa has less love for Linux users... (1)

Burz (138833) | more than 8 years ago | (#14316074)

I wouldn't say we're quite so lucky.

The article is reporting what is actually a WINDOWS VIRUS without actually mentioning this vital background detail. According to the posting, its an "IM" problem. Heh.

The drawback is that us Mac/Lunix users have to click on the link anyway to check that it doesn't affect our platform -- just in case. Another drawback is that Microsoft gets away with not having their product explicitly associated with the virus.

Having this kind of gloss-over slip through has become typical at Slashdot.

I've said this all before and been modded-down for it. No doubt, I'll be cravenly modded-down again...

Re:Gee, not even Santa Claus loves Mac users. (0)

Anonymous Coward | more than 8 years ago | (#14315286)

That's ok; you're still welcome with all your hipster friends [atspace.com] .

I still feel slightly sick from that link.

working link (0)

Anonymous Coward | more than 8 years ago | (#14315324)

Re:working link (0)

Anonymous Coward | more than 8 years ago | (#14315334)

This isn't all that working either, ya know

We don't have to be alone... (1)

Khabok (940349) | more than 8 years ago | (#14315384)

We can have that warm, fuzzy maliscious app feeling too... just download IE for Mac! [microsoft.com]

Re:We don't have to be alone... (1)

rts008 (812749) | more than 8 years ago | (#14315792)

No BS inteneded here... does that compromise MAC OS? Seriously, asking to know. (disclaimer: my only MAC/APPLE experience was dusting off some older Apple II's as a custodian in a local Jr. High school- really!) I understand the attacks to IE are serious to any Windows user due to IE being part of the OS (STUPID!!!), but does this threat carry over to IE ported to a MAC OS?

Re:We don't have to be alone... (1)

Khabok (940349) | more than 8 years ago | (#14315867)

Well... it does and it doesn't. IE is inherently less secure because it allows for the nasty buffer-overflows and assorted scripts to run. Once the system has maliscious code running within userspace, anything can happen. For instance, users running 10.3.6 or earlier are in imanent danger of having their passwords stolen, since you can have UNIX dump the hashes from any privclass.

However: the fact still remains that attacks from within the system are much more difficult and less likely to succeed on a Mac, and more importantly the number of Mac users is still so low that virus authors very rarely bother to code for Mac systems. Even through FireFox 1.5 my computer has a few tracking cookies and little bits of spyware, but none of it is ever running or causing trouble because it's designed for Windows.

But where does this leave us? The best protection for Mac is the relatively small number of them running. When Mac gets large enough (and numbers are increasing) then we'll start seeing maliscious code for Macs, in which case the particular decrepitude of Internet Explorer is just a big, open door. Mac may well be more secure than Windows for the rest of eternity, but that's no reason to throw caution to the winds.

First post? It isn't, dumbass (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14316225)

Now fuck off

gotta love free advertising (5, Insightful)

Anonymous Coward | more than 8 years ago | (#14315081)

elmtree95 writes.... IM security vendor ELMTree Software has released a patch to their ChatPatrol

'nuff said

Re:gotta love free advertising (2, Interesting)

BadassJesus (939844) | more than 8 years ago | (#14315321)

"IM security vendor ELMTree Software has released a patch"

... and we all hope (in reverend silence) that they havent released the Santa Claus worm itself also

Re:gotta love free advertising (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14315778)

What makes you think it was free? It's hard to escape the conclusion that slashdot has been running paid slashvertisements for years, indeed some editors hardly seem to approve any other kind of story.

In addition there are pagerank spammers like **BeatlesBeatles that appear so frequently despite user outcry that backhanders are again the only logical reason.

Slashdot : Press releases for gullible nerds, stuff that makes us money

Dear Santa.w32... (5, Funny)

Anonymous Coward | more than 8 years ago | (#14315086)

Please, please don't bring me any gifts. The bicycle you fired at me last year from your bicycle gun really tore up my insides.

-- AIM user

Re:Dear Santa.w32... (1)

Synth3t1c (881734) | more than 8 years ago | (#14315417)

Dear Santa, Could you please give me a coffin for grandpa this christmas? The rocking chair you fired at him last year killed him, and now he's starting to smell. Something like that, meh 3 futurama. now come de-mod me, my kharmas low enough

Re:Dear Santa.w32... (1)

cellojoe (920354) | more than 8 years ago | (#14315590)

santa claus is gunning... you dowwwn! hehe... good stuff

How does it work? (3, Interesting)

the_humeister (922869) | more than 8 years ago | (#14315088)

Since the user has to click on a link, I assume the browser type matters?

Re:How does it work? (3, Informative)

setirw (854029) | more than 8 years ago | (#14315127)

Not necessarily. It could be linked to an EXE or PIF, which a naïve user would open. If the target ignores all browsers' warnings about harmful EXEs, in combination with Windows's hiding of file extensions... (somefile).jpg .exe is something I've seen many times. By the way: Does IE prompt that PIF/BAT files are potentially dangerous when downloading? How about VB scripts?

Re:How does it work? (3, Informative)

Anonymous Coward | more than 8 years ago | (#14315985)

It's a '.com' (like command.com) file being distributed. User clicks accept to start the file transfer. On completion, the IM client turns the filename into a clickable link which, if clicked, starts the malicious component.

Re:How does it work? (2, Informative)

thesnarky1 (846799) | more than 8 years ago | (#14315250)

If you remember the other big IM worm a few weeks (months?) ago, browser didn't matter. Just user stupidity. So, as I said then, tell your friends and family to NOT CLICK LINKS! Unless of course, whomever im'ed them can repeat a phrase, such as "I AM a bot, you stupid fool!!!" Security at its finest.

Re:How does it work? (1)

LiquidCoooled (634315) | more than 8 years ago | (#14316241)

lol, it's not a virus...

rootkit (-1)

Anonymous Coward | more than 8 years ago | (#14315089)

All your rootkits are belong to us!

Santa's Motives (5, Funny)

setirw (854029) | more than 8 years ago | (#14315091)

better !pout !cry
better watchout
lpr why
santa claus town
cat /etc/passwd >list
ncheck list
ncheck list
cat list | grep naughty >nogiftlist
cat list | grep nice >giftlist
santa claus town
who | grep sleeping
who | grep awake
who | egrep 'bad|good'
for (goodness sake) {
be good
}

Dang, I guess he really meant the last three lines!!

Re:Santa's Motives (2)

setirw (854029) | more than 8 years ago | (#14315137)

That should be:

santa claus <north pole >town

I forgot to submit it as plain text :(

Re:Santa's Motives (5, Funny)

ErichTheWebGuy (745925) | more than 8 years ago | (#14315446)

Personally, I woulda said:
mv /etc/northpole/santaclaus ~/town
But that's just me :P

Re:Santa's Motives (1)

FidelCatsro (861135) | more than 8 years ago | (#14316193)

CD SantaClause/
SantaClause/: No such file or directory
rm -rf Christmas_hopes_and_Dreams/

Sorry to break it to you like this kids

Ho ho ho. (2, Funny)

mctk (840035) | more than 8 years ago | (#14315094)

Harmless Santa Claus file? More like insubordinate Claus file.

Re:Ho ho ho. (1)

HermanAB (661181) | more than 8 years ago | (#14315486)

Sad, no American Public School grad will catch that joke...

Re:Ho ho ho. (1)

needacoolnickname (716083) | more than 8 years ago | (#14315527)

You were funny until your American grammar sucked.

American (might be capital, but I graduated from one so I am not sure)

public school

We don't capitalize our public schools because they are not a proper noun unless we use the proper name for the school, but good shot!

Try again next time.

It's a /. story... (3, Insightful)

Trailer Trash (60756) | more than 8 years ago | (#14315095)

And an advertisement, all in one convenient package!

No (0, Redundant)

alfrin (858861) | more than 8 years ago | (#14315096)

lol, this is not a virus

I'm usually a "Happy Holidays" person, but... (1)

Caspian (99221) | more than 8 years ago | (#14315097)

HO HO HO! Merrrrrrrrrry Christmas!

(Finally, a reason for me to say that!)

Thanks, Tony! (0)

lampiaio (848018) | more than 8 years ago | (#14315162)

Now my Christmas will be GRRRRRREAT!

User's fault again (1, Flamebait)

Saven Marek (739395) | more than 8 years ago | (#14315100)

Anyone who catches this is at fault.

what happens is you get an IM message with a link. if you click it, it's your fault when it downloads.

When it downloads it is still just nothing but a file on your disk. If you accidentally click it you have a chance not to run it. Second luck, if you like.

If you then open that file and become infected, it is your own fault.

It is like being warned two times not to put your tongue on a 110v wire chasss. If you still do it you have nobody else to blame.

As they say, take the warnings off everything and let nature sort out the idiots.

Re:User's fault again (2, Informative)

mattmacf (901678) | more than 8 years ago | (#14315138)

taking the warnings off doesnt help when a worm installed across several thousand idiots starts DOSsing a site im trying to get to. licking a 110v wire shouldnt knock my power out.

regardless, it looks like just another silly aim worm (albeit with a festive holiday flair).

Goes without saying (1)

Trejkaz (615352) | more than 8 years ago | (#14315686)

"A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users..."

Which would be about as hard as falling off a bucket.

Re:User's fault again (1)

cheesy9999 (750203) | more than 8 years ago | (#14315928)

...and that's why it's usually my girlfriend's sorority sisters who need help fixing these fucking things.

Re:User's fault again (0, Troll)

dvaldenaire (52153) | more than 8 years ago | (#14316202)

Plus, if you choose windows as your OS, you're fully responsible in the first place...

Nice plug. (0, Redundant)

chundo (587998) | more than 8 years ago | (#14315101)

elmtree95 writes...

<snip>

IM security vendor ELMTree Software has released a patch to their ChatPatrol (www.chatpatrol.com) product to address this issue.

Nice. Nothing like free PR!

Bad information (1, Insightful)

sloanster (213766) | more than 8 years ago | (#14315103)

The article says that "it delivers unwanted software to a victim's computer"...

Um, no. It delivers unwanted software only to hapless users of microsoft OSes. Those running OSX, Linux, BSD etc are completely unaffected.

Technically You're Wrong (5, Insightful)

Afecks (899057) | more than 8 years ago | (#14315129)

It delivers it to anyone... it only works on Windows.

Sorry but if you want to nitpick, be prepared to receive the same.

Re:Technically You're Wrong (1)

techno-vampire (666512) | more than 8 years ago | (#14315165)

Not so. The main program only works under Windows, so it doesn't even download the files if you're using any other OS.

Re:Technically You're Wrong (1)

EvanED (569694) | more than 8 years ago | (#14315307)

No, if you click on the link that's presented to you regardless of OS and download it, you'll have it. It doesn't need to run on your computer to IM you; in fact, that's the exact opposite of what would happen.

Re:Bad information (0)

Anonymous Coward | more than 8 years ago | (#14315427)

What nutcases moderated this as infromative? Next you'll be telling me I shouldn't download Windows XP binaries when I want to run them under Linux.

Re:Bad information (0)

Anonymous Coward | more than 8 years ago | (#14315516)

I know this may be some groundbreaking news to you, but Windows runs on a computer. It's not like they are saying "it delivers unwanted software to any computer that ever existed".

Re:Bad information (0)

Anonymous Coward | more than 8 years ago | (#14315554)

If this worm only affects users of Windows software, and they chose to open and execute the file, then they become the victim. So yes, it does deliver unwanted software to a victim's computer. If the user is running another OS, then they are not victims. Is it that hard to understand?

Re:Bad information (1)

Burz (138833) | more than 8 years ago | (#14316124)

If this worm only affects users of Windows software, and they chose to open and execute the file, then they become the victim. So yes, it does deliver unwanted software to a victim's computer. If the user is running another OS, then they are not victims. Is it that hard to understand?

Somewhat hard, yes. The slashdot summary does not mention Windows, so the rest of us have to dig for this vital detail. That makes the incident hard to understand as reported by slashdot because the editor didn't check story background.

From the posting, how are we supposed to know about "only affects users of Windows software"?? Telepathy?

Re:Bad information (1)

gaspyy (514539) | more than 8 years ago | (#14315680)

Are you sure the "unwanted software" doesn't run with Wine?

While technically you may be correct, you're still a troll for trying to bash Microsoft on this.

Re:Bad information (1, Redundant)

Psykosys (667390) | more than 8 years ago | (#14315689)

Because most people use Windows and it's therefore targeted to that platform. Seriously though, why does every new IM worm end up on /.? There's nothing remotely new about this, people have used far more clever names to package worms than "Santa" in the past, and the worm itself possesses absolutely no new features of interest.

Okay, so I'm a Scrooge (0, Redundant)

davmoo (63521) | more than 8 years ago | (#14315113)

With all the publicity that this sort of infection has gotten over the last two years, anyone stupid enough to click on the link deserves what they get. Merry farfing Christmas.

What's next? (4, Funny)

queenb**ch (446380) | more than 8 years ago | (#14315117)

Maybe we can push the Sony root kit out via IM to all of Sony's employees. Anyone know if they have a corporate IM server?

2 cents,

Queen B

Re:What's next? (0)

Anonymous Coward | more than 8 years ago | (#14315541)

They don't.

Though they do have a corporate IRC server.

Scammers and Spammers (1)

TheUncleD (940548) | more than 8 years ago | (#14315141)

These tricks are a few of many that spammers and scammers are resolting to in order to install malware on peoples computers. Santa Clause, how ironic seeing as its the holiday season and people are susceptible.

Microsoft provides this URL for users to immediately get rid of the latest Malware: Remove Malware [microsoft.com]

ironic? (2, Funny)

Afecks (899057) | more than 8 years ago | (#14315153)

how ironic seeing as its the holiday season and people are susceptible

I don't think that word means what you think it means...

Re:ironic? (1)

boxofjack (915300) | more than 8 years ago | (#14315192)

How ironic that you had to correct him.

Re:Scammers and Spammers (1)

rodgster (671476) | more than 8 years ago | (#14315476)

or instead of being spoon fed by MS, you could...

start--->run--->mrt---->ok

A Christmas Message from the Scott Lockwood Family (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14315142)

***FART***

Watch out! (2, Funny)

techno-vampire (666512) | more than 8 years ago | (#14315159)

Oh, you better watch out,
You better not cry,
You better not chat,
I'm telling you why:
Santa Worm is coming to town!

ChatPatrol (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14315164)

So... can I get the source to this blatant ripoff of gaim?

Elmtree must be the stupidest company I've seen. They rip off gaim, and then write a post to slashdot: the place where the users are most likely to call them on their infringement!

Re:ChatPatrol (4, Informative)

Anonymous Coward | more than 8 years ago | (#14315403)

It's not even a ripoff of Gaim, it's just a lousy non-free, non-Free, Windows-only plugin for the commercial IM clients, being hawked using an account which is employed for that purpose only. elmtree95's one and only /. post [slashdot.org] .

Does it install a clue for users silly enough to download and run executables being pushed by anonymous strangers?

"IM security vendor." How pathetic.

Editors, please don't put spam stories like this on the site. That's all it is.

Re:ChatPatrol (1, Flamebait)

PitaBred (632671) | more than 8 years ago | (#14315420)

Or perhaps you're simply stupid yourself, and unable to understand the brief verbage on their site.
That screensot? That just shows that they work with Gaim [chatpatrol.com] . It's an IM security/encryption program that runs transparently basically as a proxy from what I can tell. They don't have an IM client themselves.
Oh, wait... write first, comprehend later. I'm the first to get on someone ripping off open source, but this ain't one of those times, and all it would have taken was using your brain before you typed to figure that out.

Re:ChatPatrol (0)

Anonymous Coward | more than 8 years ago | (#14315567)

You're right, my bad. I saw a crappy web page with a gaim screenshot and jumped to an incorrect conclusion.

Re:ChatPatrol (1)

khellendros1984 (792761) | more than 8 years ago | (#14315544)

You've got to admit, though....it's kinda goofy for them to show gaim on their front page, when there are already several very good encryption plugins for it already.

Will it run under wine? (1)

tibbst (231060) | more than 8 years ago | (#14315173)

Probably don't want no wino Santa at my house anyhow. I'll stuff my own stockings, thanks.

Say it with me people (1)

Billosaur (927319) | more than 8 years ago | (#14315175)

Don't click on links in strange IMs!!!

Does anyone listen? No. You know who gets these things? Sad and lonely people, and at this time of year, they are especially vulnerable.

Re:Say it with me people (0)

Anonymous Coward | more than 8 years ago | (#14315229)

lol no its not a virus.

Re:Say it with me people (1)

MacDork (560499) | more than 8 years ago | (#14315326)

Don't click on links in strange IMs!!!

That sounds an awful lot like "Don't open strange email attachments!!!" I do both and I have no problems. My secret?

Keep a recent backup and use a more secure OS. (Thanks to that second bit, I've never needed the first.)

Re:Say it with me people (1)

Suddenly_Dead (656421) | more than 8 years ago | (#14315347)

You know, oddly enough, I have sent links to executables, and transferred executables to friends. I don't always provide a lengthy explanation as to what it is either. How can you really define "strange", especially to people who don't have a built-in scam detector?

Re:Say it with me people (0)

Anonymous Coward | more than 8 years ago | (#14315448)

I have sent links to executables, and transferred executables to friends. I don't always provide a lengthy explanation as to what it is either

If you do not provide an explanation, they cannot know if your mail is trustworthy. People like you actually are helping the bad guys. People will never be able to se the difference between a legit mail from you, or a malicious message that contains a virus.

Re:Say it with me people (1)

HermanAB (661181) | more than 8 years ago | (#14315532)

Well, why the fsck should clicking on a something fsck your whole system?

What about Google? (1)

nnorwitz (585326) | more than 8 years ago | (#14315206)

I can't believe there's an article on /. that mentions Yahoo, MSN, and AOL, but not Google. They must feel so left out.

Did someone finally impose a Google limit on /.?

Re:What about Google? (1)

Mr. Freeman (933986) | more than 8 years ago | (#14315244)

It probably doesn't use Google talk to "spread".

Re:What about Google? (1)

HermanAB (661181) | more than 8 years ago | (#14315501)

When 95% speaks, 5% listens.

Human stupidity strikes again (1)

Mr. Freeman (933986) | more than 8 years ago | (#14315224)

He who does not have anti-virus software nor the common sense not to click on the link nor the common sense not to run the file deserves what's coming to them.

This really isn't any different from the morons who message random people telling them to download sub 7.

It can't just be me.... (3, Funny)

ShyGuy91284 (701108) | more than 8 years ago | (#14315293)

The thought crossed my mind that the "delivers unwanted software" hyperlink would be a hotlink to the virus. I know if I were sadistic enough I would have done it in samzenpus's place.....

Oh no (1)

rolypolyman (933130) | more than 8 years ago | (#14315333)

This doesn't bode well. I think AOLers are just now getting up to speed on the "good times" virus.

How much does a story like this cost? (4, Insightful)

trance9 (10504) | more than 8 years ago | (#14315342)

So is slashdot running paid stories now? How much to I have to pay to have a story of my choice run and mention my company like this?

Re:How much does a story like this cost? (2, Interesting)

detlev409 (673380) | more than 8 years ago | (#14315519)

Agreed. I call shenanigans. Check out Elmtree's profile [slashdot.org] . This account was created with the express purpose of promoting the ChatPatrol product.

This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

Re:How much does a story like this cost? (4, Informative)

detlev409 (673380) | more than 8 years ago | (#14315547)

Agreed. I call shenanigans. Check out Elmtree's profile [slashdot.org] . This account was created with the express purpose of promoting the ChatPatrol product.

This is nothing more than an underhanded marketing attempt, piggybacking on a genuine virus alert. OOoo...the shadiness...

Re:How much does a story like this cost? (0)

Anonymous Coward | more than 8 years ago | (#14316036)

Damn, this Skyy vodka must be really good. I could have sworn I just saw the exact same post a bit ago!!!

mod Up (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14315376)

National gay niiger this exploitation, Shouts To the In ratio of 5 to that have raged 40,000 workstations continues toChew the reaper BSD's at times. From for membership.

Ding Dong... (1)

everithe (915847) | more than 8 years ago | (#14315395)

MERRY CHRISTMAS!

santa (0)

Anonymous Coward | more than 8 years ago | (#14315415)

it's the damn .com windows extension.. people think it's a website executable!

your mom's santa clause.. ho ho ho ;)

IM Logic withholds details of Santa Claus worm, un (3, Interesting)

themepsp (918377) | more than 8 years ago | (#14315455)

Please read this post regarding IM Logic: http://security-protocols.com/modules.php?name=New s&file=article&sid=3135 [security-protocols.com] "If you have been looking for more details on the IM.GiftCom.All threat, you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer. IM Logic withholds details of Santa Claus worm, unless you're a customer IM Logic withholds details of Santa Claus worm, unless you're a customer On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients. See advisory for details, or lack thereof. You will need to search for IM.GiftCom.All at http://www.imlogic.com/im_threat_center/index.asp [imlogic.com] If you have been looking for more details on the IM.GiftCom.All threat you won't find them. Why, you ask? Two reasons, first, IM Logic didn't release any and second, you are most likely not an IM Logic customer. IM Logic did not publicly release any actionable information that would help the community at large. Not because they don't have the details, but because they only share that with paying customers, according to Tim Johnson, the Director of IM Logic's threat center. Mr. Johnson also said that "this is not unethical" and he doesn't see what all the fuss is about. All you have to do is buy the company's product and you will be protected. Johnson did mention that they have a process they follow. They first create the signatures for their products, and then they notify all the affect vendors. Don't worry; the vendors will fix it ASAP. Then they tell the antivirus vendors about what they know. Hopefully they can detect and stop any current infections, if not...your screwed. Then you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can tell if a hacker has a rootkit loaded in your environment. Oh wait, darn it, I almost forgot, according to the official advisory, antivirus vendors can't detect Santa Claus; apparently Santa can put your antivirus to sleep. I always thought Santa knew if you were sleeping, not able to put you to sleep; but I digress. So what is the world and security community supposed to do? Well according to IM Logic, pay them the money and they will take care of it for you. Hmm, I wonder where else we find this type of behavior. Hold on guys, Toni the Bull is at my back door, brb, need 2 make my "insurance payment" AFK.... Back, sorry it took so long. I just hurt my knee; I was short on my "insurance payment" this month. Anyway, haven't we been down this road before? Security companies should follow the same procedures that ethical and responsible researchers follow when disclosing vulnerabilities. Most companies are responsible, those that aren't... should we reward them by purchase order? Not this security guy. "

late comers... (1)

Chaffar (670874) | more than 8 years ago | (#14315491)

The Santa worm is the latest tactic to be used on IM networks. Past tricks have included offers of movie clips to the latest release of "Star Wars" that instead led to an infected computer.

Yes that should definitely fool the 3 people who still haven't watched the movie into clicking on the link...

[Friend_1] Hey d0od check out this clip of the latest Star Wars...
[Friend_2] No thx just send me the .torrent...

If you are dumb enough to fall for this (1)

anotherlogan (935804) | more than 8 years ago | (#14315521)

They must already have your paypal account info, your Bank of America info, and your social. The words, "your account has been restricted," = we're fishing for your info. Seriously, since the days of Prodigy, people have been trying to steal your info. If you are dumb enough to fall for this, you deserve it. And my email account is still through AOL. I just saw a commercial that AOL supposedly protects against this crime. Why do I get get 10 emails a day that my account has been restricted? Because I allow Slashdot to post it, that's why.

Someone will do it (1)

ThePengwin (934031) | more than 8 years ago | (#14315723)

Believe me. People WILL click the link. They always do.
There always is one stupid person who starts it all.

i call for a "You Must be this smart to use the internet" Logo whenver you use the internet! :P

and on that note, cue the jingles....

A duplicate already?? (0)

PowerBert (265553) | more than 8 years ago | (#14315746)

This linux screensaver virus was only posted a little while ago [slashdot.org] .

It just gets worse and worse *g*

Silent delivery of Linux to the desktop, I think it's the way forward!

PS. No I didn't RTFA

mod dow8 (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14315861)

With 4n7 sort

I guess i'll be getting coal in my stocking... (0)

Anonymous Coward | more than 8 years ago | (#14316086)

I use Gaim.

ask first! (1)

deckert_za (837816) | more than 8 years ago | (#14316245)

Man, these people are so dumb. I asked first if it was a virus and my friend told me "lol, no its not a virus" and I just *knew* I was safe. Always ask first! ;-)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?