Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security IT

Microsoft Messenger Virus Hits Reuters IM 275

Posted by CowboyNeal from the irc-cowers-in-fear dept.
steman writes "Reuters had to temporarily shut down its private instant messaging service after being targetted by the W32/Kelvir-Re trojan. Reuters Messaging is implemented with Microsoft messenger technology and has more than 60,000 users. When activated, the Kelvir trojan sends itself to all users contacts via email and IM. Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand-in-hand with security.'"
This discussion has been archived. No new comments can be posted.

Microsoft Messenger Virus Hits Reuters IM More

Microsoft Messenger Virus Hits Reuters IM

Comments Filter:

  • Duh! (Score:2, Insightful)

    by McGiraf ( 196030 )
    "This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security."

    well duh!

    • AOL,Yahoo & MS (Score:4, Interesting)

      by goombah99 ( 560566 ) on Saturday April 30, 2005 @11:58AM (#12392355)
      so does AOL and yahoo also have these sorts of breeches from time to time? or is this just another MS exclusive?

      Not trying to flame here but there is always this raging debate on whether MS is the brand for those desiring insecure solutions or if its just a matter of size making it a media of exponential viral growth. We have one key data point which is that its' web server technology gets hacked more than say, Apache. It's important since Apache is as big as MS in that, neutralizing partly the size issue (al beit Apache is less homgenous than MS server so it's not perfect)

      Now we have an IM data point. This is more interesting since here we do have three homgenous IM sources of large size AOL, MS and Yahoo. So I wonder how often these other brands get hacked. Anyone know?

      • Re:AOL,Yahoo & MS (Score:3, Insightful)

        by penix1 ( 722987 )
        Microsoft makes itself a big target not only politically but technologically. It is their "extend, embrace, extinguish" attitude that got them into this mess (and other messes as well) when they integrated all their competition's code into the OS. It is sad really that "innovation" to Microsoft really means "acquire".

        B.
      • AOL IM has had plenty of security holes as well, it's just more in vogue to bash MS on Slashdot.

        Google [google.com]

        Another question is does Trillion or other third party IM tools that connect to these networks have similar security breachs?

      • We have one key data point which is that its' web server technology gets hacked more than say, Apache.

        Can you point me to the list of security problems that IIS6 has experienced? Or are you just basing your point on outdated information?

  • We haven't had that wake-up call yet? (Score:5, Insightful)

    by rlamoni ( 443974 ) on Saturday April 30, 2005 @11:37AM (#12392263) Homepage
    I think many IT departments restrict the use of IM software for this very reason.

    • Re:We haven't had that wake-up call yet? (Score:5, Insightful)

      by Richie1984 ( 841487 ) on Saturday April 30, 2005 @11:46AM (#12392290)
      Which is a shame because whilst IM can be used for a lot of negative purposes, such as transfering virii or timewasting, it can also be used for a lot of positive reasons in business. For instance, it can provide, in my view, a more rapid and more effective way of communicating over long distance than email (obviously if both users are online at the same time). This can lead to greater communication within a company. IT departments should think carefully before banning IM programs across the board.
      • I'v never "gotten" IM. never even tried it. I could never see why it was better than a phone call. Anyone care to explain this to me?

        • Re:Why is IM better than a phone? (Score:5, Insightful)

          by TeknoHog ( 164938 ) on Saturday April 30, 2005 @12:07PM (#12392413) Homepage Journal
          When you're discussing technical matters, it's easier to type a piece of source code or something, than spell it over the phone, hoping the recipient gets it right.

          When you're in a deep hack mode, typing a message is much less distracting than talking to someone.

          • Very true.

            I frequently IM myself as a low-budget cut-and-paste between my computers. It requires 1 screenname for each machine, but it works great.

            Most of the people on my team also use IM for the same purpose. We'd explored using jabber-based chat, but AOLs infrastructure is hard to beat.

            Since AOL added the ability to have encrypted IM sessions between users, I don't have to worry about getting my sessions intercepted either.

            A few years back, there were a rash of problems with users having their IM IDs
        • It doesn't require you to sync up.

          You can hold multiple conversations at the same time.

          It indicates if somebody is in, without disturbing them like a phone call does.

          I can deal with them in the order I choose, unlike phone calls.

          You're comparing them to the wrong thing. Phone calls and IM's are different enough that they complement, not compete. E-mail, however, is closer to a competitor for IM.

          We're trying out Office Communicator, and despite the fact that the UI was done by an absolute moron (can't
          • It doesn't require you to sync up.

            You can hold multiple conversations at the same time.

            It indicates if somebody is in, without disturbing them like a phone call does.

            I can deal with them in the order I choose, unlike phone calls.

            Ah, you mean IRC.
        • It's perhaps the only form of synchronous communication that is asynchronous enough that you can carry on multiple completely independent instances of it at once. In other words, I can have 5 or 6 completely separate conversations on IM at once, whereas I can only have one of those one the phone.

        • Re:Why is IM better than a phone? (Score:5, Insightful)

          by sydb ( 176695 ) <[michael] [at] [wd21.co.uk]> on Saturday April 30, 2005 @12:16PM (#12392457)
          1. Maybe you should try it then you might understand it?
          2. IM is not really Instant, it's almost-Instant, which means you get a chance to read what you're about to say.
          3. Go right ahead and type, you don't need to wait for the other party to finish their utterance
          4. you can copy and paste things into IM. That's quite hard over a phone call
          5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.
          6. By logging into IM you are announcing your availability for chat. Not so with a phone call, which is a polling system (ring ring)
          7. Lying requires less work
          8. But really you have to TRY something before you DISMISS it.
          9. there's probably more.
          • 5. you get a log of the conversation. So if you need to go back and check a fact, you can. It's possible to record phone calls too but in IM it's automatic and it's much easier to search text than audio.

            In some states it's also illegal to record phone conversations without consent, I don't belive that protection extends to IM conversations. It's not something you usually have to worry about, but if you're IM'ing with your manager having a record of exactly what was said could save your bacon.

        • Ever used IRC? Email? (Score:2, Informative)

          by SaDan ( 81097 )
          If you have used either IRC or email, then you have no reason to not "get it".

          IM is just a faster version of email, and pretty much the same thing as IRC (with a dumbed down interface).

          Others have stated the merits of asynchronous communication via IM (just like in email/IRC), and the ability to communicate with more than one party at the same time.

          IM doesn't make sense for everyone (I don't use it at work, others do). Some people do not need or appreciate the positive aspects of IM.

      • Re:We haven't had that wake-up call yet? (Score:5, Insightful)

        by FriedTurkey ( 761642 ) on Saturday April 30, 2005 @12:27PM (#12392518)
        When our IT department took away IM, I thought it would decline the my productivity. It actually increased my productivity and I would never want IM back. There were too many annoying IMs from people who can immediately IM you with total crap. They first take some time to look at it themselves now because they have to expend extra effort to get on the phone or send an email.

        Having IM is kinda like having everyone at your company working in your cubicle. Anyone can just blurt out some kind of crap without thinking it through.

        Try turning off IM for a day and see how much real work can get done.
        • When our IT department took away IM, I thought it would decline the my productivity. It actually increased my productivity and I would never want IM back

          There's plenty of people who would say the same thing about many modern conveniences. The funny thing is, you basically admit that it was your use of IM that was the problem.

          This is typical. Person A has a problem where they can't stop using item X. Person A therefore campaigns for the restriction of item X, regardless of the positive results of other
          • This is typical. Person A has a problem where they can't stop using item X. Person A therefore campaigns for the restriction of item X, regardless of the positive results of others, and infringing the rights of all other persons who can actually control themselves.

            Infringing on rights? Having IM at work is not a Constitutional right.

            That's great when you have a choice of IM. If IM is allowed at work, the managers are going to require me to sign-in everyday. I really don't have a choice when somebody IM

    • I think many IT departments restrict the use of IM software for this very reason.

      An increasing number of companies are rolling out IM in house. Set it up so your staff has access to your own secure thing and it's at least held within the VPN.

      In this case, their in-house solution was based off Microsoft stuff that got breached. It sucks, but road warriors (and those clueless people that always download this stuff no matter what) cause this.

      The scary thing is that corporations have such large internal

  • Why isn't filtering more instantaneous? (Score:3, Insightful)

    by PornMaster ( 749461 ) on Saturday April 30, 2005 @11:40AM (#12392270) Homepage
    Hell, I get 3-4 "(i from forum)" add-to-contacts requests a day if I leave ICQ up. That's something that could easily be blocked with some kind of regex on the ICQ servers. It's really frustrating that there aren't more spim blockers implemented.
  • Isn't this why Microsoft forced me to upgrade MSN Messenger to a version that wouldn't even _INSTALL_ on my computer?

    I had to copy a good installation file by file to get the new version.

  • How inconveniant (Score:2, Insightful)

    by Anonymous Coward

    Ofcourse with access like this someone could have started a rumour that saudi ariabia would decrease/increase oil production, a merger between X and Y was going through/south, public figure x was assasinated, or a group calling itself l337 cr3w had bombed a major oil pipeline. If convincing, the rumour might be spreaded along with a reuters mark of credability acceptable everywhere where oil/stock/currency-prices and foreign policy are decided...

    Why is it that whenever a worm hits a high profile system noo

    • How is it noone mentions that humanity knows how to write software that isn`t more worm prone then the stuff that got hit by the morris worm twenty F#$%ing years ago?

      So how do you write software which is usable by humans, but not usable by worms?

      Besides, reference the huge outcry against Microsoft in trying to do just that with the XP TCP/IP stack; things like limiting half-open connections gets them yelled at.

      What it comes down to is, however, that if a system is usable, it's abusable. If your car

      • Re:How inconveniant (Score:2, Informative)

        by Anonymous Coward

        If your OS can execute a program to let you do your finances, it can execute a program to then send that data somewhere.

        Why should your os allow access to financial files to a program that it allows it to send anything anywhere but your bank as identified and certified by a trusted third party?

        So how do you write software which is usable by humans, but not usable by worms?

        Thats what people asked themselfs when working on openvms and multics, its what they wondered about after the morris worm. The peo

    • This is nothing of the sort. There's no overflow or to anything. It's an ordinary executable, called something like "pic.exe", then when run it sends itself to your contact list saying "Hey, I look great in this nude pic" (I forget the exact message). The sole blame for such outbreaks is clueless users, the only way to stop them is to make more intelligent users

  • Yahoo! IM (Score:3, Interesting)

    by G1aucon ( 859522 ) on Saturday April 30, 2005 @11:52AM (#12392318)
    It's too bad there isn't more adoption of YIM. In terms interface and usability, it far outranks AIM or MS.

    Does anyone know why Yahoo! has had a hard time catching on? Is it just a diffusion effect? E.g., if all your friends have AIM, you have to use AIM, too?
    • How about, everytime my sister launches YIM (on Windwos) it takes over the IE toolbars and sets itself up to load automatically the computer boots? No, that couldn't be it.

    • Use Gaim (Score:3, Insightful)

      by RedLaggedTeut ( 216304 )
      Well, why not use Gaim then.
      It can handle both MSNmsnger and YIM.

      "The One IM To Rule then all"
      • Well, why not use Gaim then. It can handle both MSNmsnger and YIM. "The One IM To Rule then all"

        Why not use Jabber [jabber.org]? Jabber can use gateways to reach other IM protocols. One of the better jabber-providers is jabber.org.uk [jabber.org.uk]. They have msn, aim, yahoo, icq and irc gw. Oh, and it is free software!

        • Jabber is a protocol. Gaim is a multi-protocol client. Gaim works well with Jabber networks (and YIM and AIM and MSN). Miranda IM does too, though it is Win32 only. Both are FOSS. Both are completely ad-free. People should use them, even if they never use Jabber.

          It is generally better to use a multi-protocol client than Jabber gateways. The gateways tend to be feature-weak, for example most don't support file transfers or group chat.

          By the way, if you do use the Jabber gateways (which is the only option

  • Don't blame Microsoft for this one. (Score:5, Insightful)

    by MarkByers ( 770551 ) on Saturday April 30, 2005 @11:54AM (#12392334) Homepage Journal
    No blaming Microsoft for this one. This time it is definitely the users' fault. The trojan simply sends a link to the contacts inviting them to download and run an executable.

    And people still do it!? What will it take before people learn?
    • MS got blamed when users opened attachments
      MS got blamed when users clicked on Yes to Install with ActiveX (I realize the wording could have been better)
      MS got blamed when Admins did not install patches, Code Red, Slammer etc

      MS will always get blamed whether it is their fault or not. However there are always thing you can do in software that help the Technically challenged. It just like a security in an company, you need to account for people that do not know what they are doing, and train/create policies/

  • Grrrrrrrrr.... (Score:2, Insightful)

    by Spoing ( 152917 )
    • This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security.

    We [explitve deleted] know that!They don't seem to be listening. [microsoft.com] AGAIN.

    • Messenger patched the vulnerability a few weeks ago.

      http://www.microsoft.com/security/incident/im.mspx [microsoft.com]
      • Messenger patched the vulnerability a few weeks ago.

        Thanks, though that's beside the point.

        Microsoft should have designed with security in mind in the first place. That they didn't is proven by the need for the patch at all. Is the fundimental problem solved? I don't trust that it is.

        • No, the fundamental problem isn't solved. The fundamental problem is the same people who forward urban legends around the net.

          Unfortunately, we still can't figure out how to stab people in the face over the internet [bash.org]

  • stupid virus (Score:4, Informative)

    by dioscaido ( 541037 ) on Saturday April 30, 2005 @11:55AM (#12392341)
    The user needs to click on a link in the IM message, and needs to click on 'yes' on the XPSP2 warning about running unkown executables.

    If I'm not mistaken, didn't this vulnerability get fixed a while ago on MS/MSN Messenger?

  • Jabber anyone? (Score:4, Interesting)

    by tabo_peru ( 582809 ) on Saturday April 30, 2005 @12:02PM (#12392378) Homepage
    I'm running a jabberd2 [jabberstudio.org] server in my company with lots of users with no problems at all. It is free, stable and has a plethora of clients [jabber.org] for all major platforms.

    Is there a _serious_ msn-im feature that jabber lacks?
  • The people responsible for putting up a bad system should be fired. It seems like we no longer hold those accountable in the industry. we simply pass the buck. Oh, it is MS's fault. Well, the CTO made this choice knowing full well that MS is that way.

  • Trillian vs MSN? (Score:4, Insightful)

    by rathehun ( 818491 ) on Saturday April 30, 2005 @12:07PM (#12392409) Homepage
    I guess this is why Trillian updated the MSN plugin today. Seriously, I don't know why more people don't switch to either Trillian or Gaim.

    Reasons? I would be interested in hearing why. I don't use Gaim much, but I use Trillian everyday.

    There is no way I'm going to use MSN Messenger after that. So many more useful functions - default logging of chat...however I'm not sure about the security aspects, and how it compares with Redmonds offering.

    R.

    • Re:Trillian vs MSN? (Score:5, Insightful)

      by YrWrstNtmr ( 564987 ) on Saturday April 30, 2005 @12:37PM (#12392562)
      The security aspect here is the clueless user, not the tool. This does not automagically propagate. If you got an unknown link from someone in Trillian that says "Click here!" and you did click, then another popup that asks if you want to install 'SomeFunkyProgram', would you?

      No, of course not. You have a bit of a clue. But that's exactly what happened here. The only way Trillian or GAIM would be 'more secure' than MSN Messenger (in this instance) is if they disallowed clickable links in IM's, and/or had no stored contact list. Both of which would be major reductions in functionality.

      GAIM and Trillian DO have major functionality benefits over AIM/MSN/Yahoo (notably, multi protocol) but a clueless user is a clueless user, no matter what client they use.

  • Correction... (Score:2, Insightful)

    by Caeda ( 669118 )
    This statement...

    "This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security.'"

    Should have been...

    This is certainly a wake-up call, IM is just like any other "Microsoft Program". The Microsoft Program needs security."

    There isn't a new yahoo virus flying around, nor is there an AIM virus flying around (sending a url that leads to a virus DOES NOT COUNT, as this is not the program itself spreading the virus but just a text link someone

    • Re:Correction... (Score:2, Insightful)

      by Anonymous Coward

      I'm not sure why the above post was modded troll. Microsoft has bred a culture of irresponsibility in IT displacing decades of tried and true practices.
      • It is a troll because no security vulnerability is being exploited. The user gets an IM with a link to a file. The user then clicks on the link. If the user is running XP SP2, they get an additional warning that the link is unsafe and are they sure they really want to run it? Then they run it. The "file" then runs and sends itself as a link to everyone else in the contact list.
  • people are exposed to the flu in winter. News at 11.

  • "Reuters Messenging" (Score:5, Interesting)

    by Anonymous Coward on Saturday April 30, 2005 @12:30PM (#12392534)
    Is "Messenging" a real word?
  • Take your time and get it right. Do leave things uncheck (buffer overflow) and certainly don't rush. rushing breeds mistakes.

  • Programming 101 (Score:4, Insightful)

    by t_allardyce ( 48447 ) on Saturday April 30, 2005 @12:49PM (#12392613) Journal
    No, this is a wake up call to programmers (the snooze button has been pressed by Microsoft regularly for the last 20 years):

    When transferring any kind of data from one computer/system/program to another, where the source cannot be guaranteed trustable (hint: always) the data should be assumed to be intentionally malformed, as a result the system should either:

    a) limit what the input data can do eg: not be executed as binary or a privileged command, not be capable of overflowing anything (ignore extra long data) not be capable of doing anything that you wouldn't allow any random person to do.

    b) warn the user every time new data is to be processed and require acknowledgement to continue.

    (b) is the reason why your operating system can't install random software people send it without warning/asking you.

    (a) is for documents, emails, messages, pictures, music etc.

    This is a pretty fundamental computing rule, its pretty much exactly like the basic gun safety rules: always assume the gun is loaded. always keep it pointed somewhere you don't mind a bullet going. always keep it unloaded. So you really have to wonder about peoples competence..
    • This is a worm, not an exploit. It spreads itself by email or by sending a link to itself via IM. Users then click the link. The computer asks them what they want to do with the link.

      None of your comments apply in this case.

  • Think Different! (Score:3, Funny)

    by Chris Tucker ( 302549 ) on Saturday April 30, 2005 @01:35PM (#12392814) Homepage
    This is the traditional post stating that the Mac is OS is superior because it is unaffected by Windows viri.

    Also included in the traditional post is a gratuitous slam against Windows users: "Windows users are poopieheads for using Windows!"

    Finishing up with a "In Soviet Russia..." joke

    In Soviet Russia, you infect Reuters!

    It has been my pleasure to provide the Slashdot Community with the traditional posting making fun of the Windows OS and WIndows Users, contrasting the Windows OS with the Mac OS, in a snarky, oh, so superior and ultimately uninformative manner, in a comment thread about yet another flaw/fault/sploit in the Windows OS.

    Thank you for your kind attention!

    P.S. if you use Linux or any of the UNIX variants, please substitute the name of your OS for Mac OS in the above posting, the better to observe the Slashdot traditions we so revere.

  • Francis deSouza, chief executive of computer security provider IMLogic, said 'It just generated a flood of instant messages, so it suddenly slowed down the network for legitimate traffic. This is certainly a wake-up call, IM is just like any other communication media. The media needs to go hand in hand with security.'

    Yes, and a good start is to not use closed source solutions where few people can give input to security issues. Yes, a pretty much default comment on Slashdot, but reallly... Using MSN Messen

  • this is fucking hilarious (Score:3, Insightful)

    by Edmund Blackadder ( 559735 ) on Saturday April 30, 2005 @03:25PM (#12393326)
    We are talking about text messaging here. I mean how hard it is to send a line of text securely. There should be no security concerns whatsoever.

  • Lots of IM warnings (Score:2, Informative)

    by poppycock ( 231161 )
    There have been lots of IM warnings in the pastjust look at CERT> warnings for a sense of how pervasive this threat is. [cert.org]

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close