Security Worms IT

Fully Automated IM Worms on the Way? 230

nanycow writes "The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks. Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions of users without the use of malicious URLs that require a click."
  • by chroot_james ( 833654 ) on Tuesday November 01, 2005 @11:00AM (#13923296) Homepage
    You're less likely to suffer from the attack, but you're not safe. Attackers would most likely go for Windows AIM / MSN / Yahoo long before they go for an open source im client on a mac.
  • by Darkon ( 206829 ) on Tuesday November 01, 2005 @11:01AM (#13923311)

    Is the 'administrator' account privilege - which a majority of Windows user accounts are - not an equivalent to root?

    Strictly speaking the Windows equivalent of 'root' is the hidden 'LocalSystem' account.
  • by platyduck ( 915764 ) on Tuesday November 01, 2005 @11:02AM (#13923316)
    According to the Slashdotter's god, Wikipedia [wikipedia.org]:

    Generally now the term is not restricted to Unix based operating systems, as tools that perform a similar set of tasks now exist for non-Unix operating systems such as Microsoft Windows (even though such operating systems may not have a "root" account).

    I work in the IT department at my college, and in the last week, have encountered two machines infected with this worm. Easily detected as it may be to the expert user, it is a rootkit, hiding from detection. If I had not recognized it, it would have been undetected, as the automated scanning tools did not report it.
  • Re:Infection (Score:5, Informative)

    by Red Flayer ( 890720 ) on Tuesday November 01, 2005 @11:07AM (#13923355) Journal
    From the summary:

    "Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions of users without the use of malicious URLs that require a click."

    FTA "'We've already seen documentation for some serious code-execution vulnerabilities in IM applications. If you put it all together, you'll see we're not that far away from an automated IM attack where infections don't require the user to click on anything,' Wells said."

    User education won't help if propagation occurs without any action by them.
  • by Red Flayer ( 890720 ) on Tuesday November 01, 2005 @11:13AM (#13923389) Journal
    "Let me ask you something, what *doesn't* constitute a "fully automated" worm? "

    Any worm that requires the user to click on a link in order for the worm to propagate. The scary thing about this class of worms is that it installs a rootkit without activity from a user, so the only rate-limiting step in the infection cycle would appear to be buddy lists. So, you're on someone's buddy list... you get infected without taking any action. Then, boom, all your buddies are belong to them. &c.

    Educated users know better than to click just any link they see -- we depend on that to limit propagation. But it doesn't apply here.
  • by Rocketship Underpant ( 804162 ) on Tuesday November 01, 2005 @11:22AM (#13923445)
    "I use Adium. Should I be worried?"

    I doubt it, because any malicious program that wants to alter OS X's settings is going to have to prompt you for an administrator password (unlike Windows). Besides, it's likely that any such worm will target official IM clients rather than third-party apps.
  • by rizzo420 ( 136707 ) on Tuesday November 01, 2005 @11:35AM (#13923575) Journal
    i think a bigger part of the problem, and hopefully this will open their eyes, is that thus far, the big anti-virus companies (symantec and mcafee) will not include IM worms in their definitions. this means that even if you have the most up-to-date windows security patches, and the most up-to-date anti-virus software, you can still be infected by the IM worm. i don't understand why they won't include them as they are, in my opinion, just as dangerous and propagate on their own just like normal email viruses. i deal with the "AIM virus" on a near-daily basis. i keep sending people to download AIMFix [jayloden.com]. this guy is getting some serious hits to his site, and he's not getting paid for it... these are real viruses, since the definition of a virus is that it gets onto your computer and propagates on its own. this just doesn't use traditional means (email, network ports). even if you uninstall instant messenger, it's still there waiting to send itself to everyone on your buddy list.
  • by jav1231 ( 539129 ) on Tuesday November 01, 2005 @11:38AM (#13923603)
    Oh brother. This is largely splitting hairs, people. In the general sense, admin equivalents are about as root like as they come. You're comparing two different systems so being precise is an impossibility.
