New Worm Chats with Users on AIM
goldseries writes "CNet is reporting that a new IM worm chats with users to get them to download a file containing a virus. The virus replicates itself and sends itself out to users' buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."
Viruses have always talked to you (Score:5, Informative)
Not too intelligent (Score:5, Informative)
(06:41:27) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greeting
This senders personal note: Merry Christmas!
(06:41:27) yyyy : Sorry, I ran out for a bit!
(08:42:59) xxxx: This AIM user has sent you a Christmas Card! To open it please visit: http://greetings.aol.com/index.pd?source=greeting
This senders personal note: Merry Christmas!
Re:It's not the first small app that will talk to (Score:4, Informative)
If you read some classic LISP texts, such as Norvig's book on AI using Common Lisp, or another book The Elements of Artificial Intelligence, and other classic texts, there are probably a lot of algorithms that could be used.
Turn the spread of the malware into some kind of gameplay problem and use AI algorithms to optimize the "gameplay" of the spread?
Re:lol no this is not a virus (Score:5, Informative)
Re:People are lazy these days... (Score:3, Informative)
Umm
Integrated AI (Score:5, Informative)
Having said that, when I asked Jabberwacky "Is this a virus?" it said "Well, I hope so." Not very reassuring.
Re:lol no this is not a virus (Score:5, Informative)
I said execute bit in the filesystem.
So - the virus would come in from the mail system with the execute bit set to 0, the user would have to download the file, get its properties, and tick the "execute" checkbox.
Note (Score:5, Informative)
Re:It's not the first small app that will talk to (Score:2, Informative)
Re:lol no this is not a virus (Score:5, Informative)
Windows NT/2000/XP already have this (sorta). You can set execute privileges on files, just like in UNIX.
However, a default Windows XP install will be set up to inherit all permissions from the root of the drive, and will have the Users group set to Read, Execute, and Traverse Directories. So everything you download is by default executable, and no program I know of ever bothers to unset that. (Actually, the latest version of IE will store some metadata with executable files downloaded through it that marks the file as being "untrusted," but I think that only Windows Explorer (basically, IE itself) actually respects that metadata.)
The other thing you need to understand is that, like UNIX, you can essentially exec (on Windows, ShellExecute [microsoft.com]) any file on the system. Unlike UNIX, though, the kernel won't actually try and interpret the file. Instead the Windows API (I think) will look up the file type and send the file off to the appropriate handler. So when you call ShellExecute, you're essentially acting like the user clicked on the file in Windows Explorer. To most programs like AIM, there's no difference between executing another program and opening a file in its viewer. As far as I know, there's really no way of asking Windows "are you going to just look at that, or actually run that?"
The basic point here is that while Windows XP (and NTFS) do support an Executable flag, by default it's always on. Plus the "launch file" API will also run programs, and there's really no way to be certain that a file you're launching won't essentially be an executable.
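Added example, not part of the comment above or of any program mentioned in the thread: a sketch of the check an IM client could make on a received file name before handing it to the shell's "launch file" call, since the shell dispatches on file type alone. The function names, both extension lists and the sample file names are assumptions made for illustration.

```python
import ntpath

# Assumption: illustrative, not exhaustive. Extensions whose registered
# Windows handler runs the file's contents as code when it is "opened".
EXECUTING_EXTENSIONS = frozenset({
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".lnk",
    ".vbs", ".js", ".hta", ".msi", ".cpl",
})

# Assumption: the only types this hypothetical client opens without asking.
VIEW_ONLY_EXTENSIONS = frozenset({".txt", ".jpg", ".jpeg", ".png", ".gif"})


def effective_extension(received_name: str) -> str:
    """Return the lower-cased extension the shell would dispatch on."""
    # The sender controls the name, so keep only the last path component.
    name = ntpath.basename(received_name)
    # Win32 path normalisation drops trailing dots and spaces, so
    # "card.exe. " ends up being opened as "card.exe".
    name = name.rstrip(". ")
    # Only the final extension selects the handler: "card.jpg.pif" is a PIF.
    _, ext = ntpath.splitext(name)
    return ext.lower()


def classify_received_file(received_name: str) -> str:
    """Decide what to do with a file received over IM.

    Returns "refuse" for types whose handler executes the file, "open" for
    allow-listed view-only types, and "ask" for everything else, because an
    unknown type may still be registered to something that runs it.
    """
    ext = effective_extension(received_name)
    if ext in EXECUTING_EXTENSIONS:
        return "refuse"
    if ext in VIEW_ONLY_EXTENSIONS:
        return "open"
    return "ask"


if __name__ == "__main__":
    # Constructed sample names, not taken from the worm described here.
    for sample in ("christmas_card.jpg.pif", "Greeting.EXE. ",
                   r"C:\Users\x\My Documents\photo.jpg", "notes.xyz"):
        print(f"{sample!r:45} -> {classify_received_file(sample)}")
```

The allow-list decides what opens silently; the deny-list only makes the refusal explicit for well-known executable types.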
Re:Does this mean? (Score:3, Informative)
Re:lol no this is not a virus (Score:3, Informative)
Finder>Preferences>Advanced
Tick the Show all file extensions box.
Enjoy
Uhh... Windows DOES have the Execute "bit" (Score:5, Informative)
Or, you can go into your Group Policy Object (Local Computer or Domain) and by default in your Software Restrictions Policy disallow execution unless they were in areas of the file system you designate, i.e. the "Program Files" folder. And if I remember correctly, saved files from current versions of IM programs are saved in "My Documents" outside of the "Program Files" folder by default.
Re:lol no this is not a virus (Score:3, Informative)
Re:AIMFix removes these (Score:4, Informative)
If you want the binary only: http://jayloden.com/AIMFix.exe [jayloden.com]
Re:lol no this is not a virus (Score:5, Informative)
Re:lol no this is not a virus (Score:3, Informative)
Trying to convert a non-pif PIF file into a LNK just would not work, and an error box would be thrown up ('Not a real shortcut file, do you want to delete it?')
-Jar.