Posted on 03/07/2005 3:27:17 PM PST by RebelTex
New worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version -- via links to a malicious site are infecting users and leaving their PCs open to hacker hijack, security vendors reported Monday. The new worms, tagged as Kelvir.a and Kelvir.b, appeared over the weekend and on Monday, respectively, anti-virus vendors said. Both use the same mechanism to attract users and infect Windows-based PCs: they include a link in the instant message. That link, in turn, downloads a malicious file -- the actual worm, a variant of the long-running Spybot -- which opens a backdoor to the compromised machine.
Kelvir spreads by sending itself to all the MSN/Windows Messenger contacts on the infected PC, and poses as cryptic messages such as "lol! see it! u'll like it!" and "omg this is funny!" The link opens a .pif-formatted file.
.pif files are also often a format-of-choice for mass-mailed worms.
Also on Monday, another worm -- dubbed Sumon.a by U.K.-based Sophos -- was discovered spreading via MSN/Windows Messenger. Sumon, which propagates over peer-to-peer file-sharing networks as well, is much more aggressive. It disables a long list of security software, tries to overwrite the HOSTS file so commonly-accessed security Web sites can't be reached, and picks from a large number of links, including "Fat Elvis! lol!" and "Crazy frog gets killed by train!" to entice downloads.
(Excerpt) Read more at techweb.com ...
(Yeah - I know, get an Apple or install Linux. No time to learn a new system - stuck with XP.)
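The HOSTS-file tampering the excerpt attributes to Sumon can be checked for from the defender's side. The sketch below is an added example, not part of the original post or the article. The watch list (domains of the two vendors named in the excerpt), the sample file, and the assumption that blocking is done by pointing names at loopback or 0.0.0.0 are all constructed for illustration.

```python
import ipaddress

# Assumption: watch list built from vendors named in the excerpt; extend as needed.
WATCHED_DOMAINS = ("symantec.com", "sophos.com")

# Constructed sample of a tampered HOSTS file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com   # constructed entry
0.0.0.0         sophos.com WWW.SOPHOS.COM
192.0.2.10      intranet.example.test
127.0.0.1       notsophos.com.example.test
"""

def is_watched(hostname):
    """True if hostname equals a watched domain or is a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def is_sinkhole(address):
    """True for loopback or unspecified addresses, the usual blocking targets."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # malformed address field: not a mapping we can judge
    return ip.is_loopback or ip.is_unspecified

def find_blocked_security_sites(hosts_text):
    """Return (line_number, address, hostname) for each suspicious mapping."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop trailing comments, then split into address + one or more names.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if is_watched(name) and is_sinkhole(address):
                findings.append((lineno, address, name.lower()))
    return findings

if __name__ == "__main__":
    for lineno, address, name in find_blocked_security_sites(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}")
```

On Windows XP the file to feed into `find_blocked_security_sites` is `%SystemRoot%\System32\drivers\etc\hosts`.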
The last paragraph in the article offers a website with a free download of an IM Detector.
"IMLogic runs the IM Threat Center, a site that, in cooperation with anti-virus vendors including Symantec and Sophos, has been listing emerging IM and P2P exploits since December, 2004. The company also offers a free IM threat analyzer, called IM Detector Pro, for download from its site."
oops - forgot the link to the IM Detector website.
http://www.imlogic.com/products/im_detectorpro.asp
There ya go - let me know if anyone tries it and it's any good.
Run AMSN instead -> http://amsn.sourceforge.net/
Crapppppppppp! My kid is home for spring break bump.
Very good suggestion!
PING.
Yeah, the legal system is too good for them. I wouldn't be upset with a little street justice.
It's like someone tries to break into your home, so you install a security system. They come back, you add more security. They come back, you add even more security.
At some point you just want to beat the crap out of them.
Just sent my son an IM telling him not to click on links... and provided a link to the warning site.
This will be interesting to see how he reacts.
bump to do later this PM. Thanks for the information
Migrating to Mac takes a lot less time than continually dealing with Microsoft viruses, worms and spyware. Windows is the ultimate time waster.
UH OH.
Does that mean if 'you' have downloaded the spybot 'detection program', that 'you' have downloaded a worm/virus/bug/etc???
MSN Virus ping
Laugh!
Catch 22.
Some of us have similar situations, and don't have the luxury of ditching Windows. After last July's nasty hijacker, I tried Mandrake 9... until the wife-unit turned on me. She uses Win2K at work and brings piles of it home. That, plus hardware problems, made it just not worth it.
LOL - maybe you could try:
1. Make the computer off limits (yeah, right).
2. Upgrade to a new system, but don't open the box until spring break's over (yeah, right).
3. Threaten to take away the keys if... (wait, that's the car - nevermind).
4. Reformat the hard drive and reinstall (yeah, right).
5. Disconnect the cable or modem or don't pay the ISP, they'll disconnect for you, (yeah, right - and be without FR until break is over? - nah).
6. Take a vacation without the kids, but take your computer with you (yeah, right).
Well, I tried - can't win them all.
LVM
Does that run on WinXP? And does it use any core messenger technology?
I don't IM anyway, so I'm not too worried about this threat.
Thanks, anyway.
Install an antivirus program or better yet, an internet security suite; keep it up to date using the auto update feature; and configure it to scan instant messages, as well as every file you open. I can't guarantee that you will never get a virus, but you will have to work pretty hard to get one.
Of course if we all went out and bought an Apple or used Linux and Firefox, then we would be immune to viruses, at least until Apple, Linux, and Firefox capture enough market share to make writing viruses for those OS's and applications worth the effort. I guess that's one of the really good things about marketing a product that relatively few people want or use or even know or care about.
Ain't that the truth.
I use Trillian for all of my IM programs. I wonder if it will block this from happening....