IM Worm Attack Cloaked in Virtual Card Hoax

Posted by CowboyNeal on Sat Sep 23, 2006 08:10 AM
from the giving-props dept.
An anonymous reader writes "There's a new Instant Messaging Worm on the loose that is wrapped up in more than a few interesting twists. The people behind the infection lure users in with a message on a Russian hosted website claiming to have 'a virtual card for you' — a reference to the famous Email hoax listed on Snopes and numerous other web hoax sites. At the point of infection, the worm opens up a picture of a heart (from a site called Quatrocantos.com that tackles web scams on a daily basis) — this picture itself related to a different 'virtual card' hoax from 2002. Bearing in mind the people behind this attack are deliberately serving up an image from a 'good guy' website related to virtual card hoaxes, the question is — are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?"
  • All of it. (Score:2, Insightful)

    by Abreu (173023) on Saturday September 23 2006, @09:08AM (#16166813)
    are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?

    All of the above?
  • Stupid (Score:4, Insightful)

    by Dan East (318230) on Saturday September 23 2006, @10:00AM (#16167151)
    (http://dexplor.com/)
    It's rather stupid for them to link to an image out of their control - especially considering it is hosted by their "enemy". Now Quatrocantos can change the image to display a warning that the user's computer was infected. I think that is more of an insult to or vendetta against Quatrocantos than it is some sort of cloaking or other intelligent design.

    Dan East
  • Newsworthy? (Score:1)

    by madsheep (984404) on Saturday September 23 2006, @10:57AM (#16167545)
    (http://www.securityzone.org/)
    All kinds of viruses, trojans, and worms that we hear about on an almost daily basis now are nothing new, and if you notice, the articles normally do not claim they are. Trojans going around on MSN, AIM, Yahoo!, Jabber, IRC, E-mail, Microsoft Messenger, random web searching, or anywhere else have been around for many, many years now. Is this even newsworthy? In my opinion it is not.
  • by Old Man Kensey (5209) on Saturday September 23 2006, @11:19AM (#16167737)
    (http://www.orion-com.com/)
    ...or for anyone else who's checked the contents of their spam folder lately. I've been getting announcements that "you've been sent an e-card" with a link to an .exe on a bare IP address or a foreign site with a nonsensical DNS name for... years? Many months, definitely.
  • Template for this story (Score:4, Insightful)

    by Sloppy (14984) on Saturday September 23 2006, @11:53AM (#16168001)
    (http://www.biglumber.com/ | Last Journal: Tuesday September 18, @12:25PM)

    Hostile code was sent to prospective victims, in the hopes that they would either be dumb enough to run it, or dumb enough to run client software that "helpfully" runs it for them. Of course, the hostile code should be run without any sandboxing, with all the same capabilities as the victim.

    Now take this template, and fill it in with irrelevant and uninteresting details. Maybe the hostile code poses as something the victim has seen before. Maybe stress how amazing it is that people still fall for it. Maybe stress how amazing it is that people still run client software that supports easy execution of hostile code. Maybe leave all this out, so that the victims' ignorance isn't mentioned and therefore the hostile code sounds all the more threatening -- i.e. IT COULD HAPPEN TO YOU, SO YOU BETTER BE SCARED (small print: if you're a fucking idiot who hasn't learned anything in the last decade or so). Now your article is ready to be submitted to Slashdot as a major story.

  • Conjecture (Score:1)

    by LordRefaIV (1004775) on Saturday September 23 2006, @02:08PM (#16168991)
    Given that there are direct references to two different virtual card hoaxes in the "attack" itself maybe everyone's looking at it from the wrong slant...

    My gut reaction is that this is some (extreme) degree of internet art. This article [about.com] about hoaxes being essentially viruses in and of themselves says a lot about what may have motivated this particular form of expression.

    Maybe whoever made this virus was making a statement about what is "known" (What is well known not to be a virus). They may have also been making a statement about anti-hoax information and/or the "truth".

    I didn't read the initial article, mind you -- but the blurb cut seemed to have everything essential in it already.
  • Old News (Score:1)

    by jproffer (766368) on Saturday September 23 2006, @11:08PM (#16172307)
    This news is a bit stale - the attack started several weeks ago, and most AV vendors detect the binary in question.
  • don't use eCards! (Score:1)

    by AlgorithMan (937244) on Sunday September 24 2006, @06:46AM (#16173839)
    (http://www.algorithman.de/)
    When you send an eCard to someone, you have to submit your email address and the email address of the recipient... and guess what - the eCard providers sell these email addresses to spammers! - surprise surprise! Did you think they had done the programming work and offer the service and their traffic for free?
  • I was interested as to whether there was anything new to learn about this attack that would make me safer in the future. I use all the operating systems because I can write programs for all of them. Each has its benefits and its liabilities. Reading through these responses was a complete waste of time and used up today's quota of time for reading /.
  • "malicious thingy" (Score:1)

    by tt074295 (1005785) on Thursday September 28 2006, @10:43AM (#16230465)
    Much of the work done by several programs is invisible to the user. The people behind it attempt to attack dumb users by hiding themselves behind this 'good guy' image. The user has absolutely no idea of what they have received by accessing all the files, programs and webpages. Then the virus attacks everything the infected user touches. Moral of the story: "Update the antivirus regularly to detect any 'malicious thingy' and ignore spam emails."
  • virus..... (Score:1)

    by Mr.BoBo-TT074226 (1005779) on Friday September 29 2006, @01:28AM (#16241861)
    Come on... of course viruses are always on the loose... that is why there is a thingy that is called 'antivirus'. It could check if there is any error in the system. So... update your antiviruses...
  • Re:Can't it be both? (Score:4, Informative)

    Probably both, but I'd venture mostly to confuse users. From Symantec [symantec.com]:
    Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it. [emphasis theirs]
    Why, any "web savvy" user knows they can safely disregard warnings about virtual cards being viruses. Frankly, I find this a little disturbing (though I guess it was bound to happen eventually)...
  • by Ucklak (755284) on Saturday September 23 2006, @09:26AM (#16166913)
    I believe the title should be 'MS IM Worm Attack Cloaked in Virtual Card Hoax'
  • Re:Can't it be both? (Score:3, Funny)

    by Goaway (82658) on Saturday September 23 2006, @10:04AM (#16167175)
    (http://wakaba.c3.cx/)
    It's NEVER both! It's always EITHER, OR! Anything else would be MADNESS!
  • by pedalman (958492) on Saturday September 23 2006, @10:18AM (#16167275)
    After all, Netcraft has confirmed it.