Posted on 03/11/2005 2:11:21 PM PST by Ernest_at_the_Beach
A record number of new computer worms have swept through instant messaging networks in recent weeks, turning computers into remote-controlled zombies and sparking battles between rival virus-writing gangs.
In the past, viruses have hijacked IM networks, but most arrived in email worms such as Netsky and MyDoom. "What you are seeing now is an outright focus on IM," says John Sakoda of security firm IMlogic in Waltham, Massachusetts, US. The company has recorded 26 outbreaks so far in 2005.
This focus is "a direct reflection of how prevalent the technology is", says Oliver Friedrichs of the anti-virus software vendor Symantec, based in Redwood City, California. The number of IMs sent per day is predicted to grow from 11.4 billion in 2004 to 45.8 billion in 2008, according to the Radicati Group, a California market research firm.
Other reasons why virus writers are increasingly preying on IM networks may be computer users' growing awareness of virus-loaded emails and the successes of anti-virus companies in stamping these out, says Stowe Boyd of Corante, a technology news service for entrepreneurs located in Reston, Virginia.
IM worms employ similar tricks to email worms. Kelvir, which surfaced on Sunday, and the 6-week-old Bropia, both install software called Spybot that turns the computer into a zombie by handing remote access to its hard drive to a virus writer.
Meanwhile Serflog, which appeared on Monday, features expletives targeting the author of the email worm Assiral that attempted to kill off Bropia, mimicking the virus-writer wars that have been played out via email worms.
"What is different is simply the way that they spread," says Friedrichs. Unlike email, which stores messages until a person checks them, an IM can only be sent if the recipient is also online. So an individual's IM software, known as the IM client, is constantly communicating with other IM clients to check who else is online.
Bropia exploits this by inserting a copy of itself inside the internet packets that alert other computers that someone new has come online. It automatically infects everyone who has subscribed to exchange messages with the infected computer, a group of contacts known as a "buddy list". As people may have several buddy lists, a virus can spread very quickly using this mechanism, says Sakoda.
Other IM viruses mimic the spreading tactics of email worms that forward themselves to everyone in a victim's address book. Serflog (also known as Fatso and Sumom) and Kelvir automatically send malicious links to everyone on an infected computer's buddy lists.
The links are labelled with phrases designed to tempt, including "How a blonde eats a banana". But when the recipient clicks on them, he or she is asked to execute a file, which results in infection.
People often click on these links because they appear to come from a trusted contact. However, Friedrichs points out that once the security community knows about the virus, it is relatively easy to remove the malicious code from the website to which the link points. Kelvir has already been eradicated in this way.
However, in future, IM viruses might turn infected computers into web servers that host the malicious link, making it much harder to remove the offending URL.
More likely to protect IM is the fact that people tend to have far fewer contacts stored in their buddy lists than their email address books, says Boyd, because it is a more intimate form of communication. "It's the difference between shaking hands and having sex," he says.
Anyone using instant messaging?
We use the IM in our Netscape browser which is the AOL IM stand alone program.
I'm not sure I understand this but I thought I read that you are vulnerable if you click on a link that someone sends within the IM program???
Not me. I found it more of an annoyance for the most part, and although I have programs on the computer for IMing, I don't use them.
Shades of 'the great hacker war' of the 80's and early 90's?
Anyone using instant messaging?
======
Here's my response to your instant message -- You are !!! ;-))
Interesting. Thanks for posting.
bump
Doggone Cyber Crips and Binary Bloods!
th4t teh sux, d00d
LOL!
Back when it happened, it tied up phone lines and clogged telnet sites.
computer disaster ping
As I type this, I am receiving an MSN IM titled "Wild Anna Nicole"...yeah, I'll open that (NOT)...;-)
Instant messaging isn't the same as e-mail is it?
Lordy, no!
Shoot the Messenger: Close that !@$%! Messenger in Windows...
NO!
Are you running Windose XP Home Edition?
Yes I am.
So you do have the Instant messenger feature, which is likely to be on automatically.
Although that may depend on whether you have SP1 or SP2.
Would suggest you change ...whatever... so that it does not start automatically.
Somewhere there are panels to change startup options, not on top of that myself.
Thanks, Firebrand!
This is exactly what happened to me, right after DLing an instant messenger system. In fact, it's a miracle I was able to get on and read this, as previous attempts have failed.
This may also be my last post in several days, as I'm going to have to make do with a temporary, modemless computer while this one has major surgery.
Pretty soon these b*stards are going to find a way to spread these things through message boards. All that creativity, put to such malicious use.