New Worm Chats with Users on AIM

goldseries writes "CNet is reporting that a new IM worm chats with users to get them to down load a file containing a virus. The virus replicates its self and sends its self out to user's buddy lists. The virus will reply 'lol no this is not a virus.' The virus hides users from seeing the messages sent out to members of their buddy list. Viruses are evolving; now they will even talk to you."

It's not the first small app that will talk to you

[AviLazar]

A.L.I.C.E. [pandorabots.com]

This is a small app and she will talk with you - pretty well. So the fact these guys use something similar (it might even be this app) is no big surprise.

That's why I use Trillian..I still haven't figured out how come it won't let me download files, or even get pictures from other people or even do any kind of direct connect :D

Does this mean?

[BushCheney08]

Does this mean that September is almost over?

Quake 2 Ratbot

[TheFlyingGoat]

Anyone who played Quake2 must be familiar with ratbot. It would respond with "Yeah !!! I am a R A T B O T !!!!! ?? " or "Please help me !!! What is a bot ??" if someone's message included the text "ratbot". This worm reminds me of that... annoying, but in a really funny way.

Re:lol no this is not a virus

[meringuoid]

my God, this one will be unstoppable.

Don't you just hate it when Insightful gets modded Funny?

I can picture it now. All these lusers whining about their toasted computers... 'But my buddy sent it to me! No, I know about viruses, so I asked if it was for real, and he said it wasn't a virus! It sounded just like him!'

How the hell is this going to be stopped? It's easy to beat the AOL Turing test, because these people use such a warped and simplified form of English that leaves out most of the quirks that give away the lack of any intelligence behind the text. Either we educate AOLusers - in English rather than in computer science - so that they use more complex language that machines can't readily mimic, or we shut down file transfers over IM.

Well, my house is safe!

[Tiberius_Fel]

My house is safe. We switched my teenaged sister to a Mac, and the number of viruses entering the house quickly dropped to zero. No matter how many times I said "Don't click on the link you get in IMs...". Problem solved!

Viruses are evolving?

[nekoniku]

Viruses are evolving

Seriously now, are viruses really evolving or is it just that the techniques used by virus writers are evolving? And my Inner Philosopher wants to know if there's a difference and if this has anything to do with Intelligent Design.

I better stop now.

Eliza flashbacks

[Havenwar]

Always interesting to see how virus technology evolves. But this... well just reminds me of a t-shirt note I saw somewhere... "Because there is no patch for human stupidity."

Some people just can not be educated.

Re:People are lazy these days...

[jacobcaz]

Because time is money even in the IM world.

Time is indeed valuable, but where in a professional setting would the equilivent of "lol" be acceptable? I can't think of anywhere I would use that, and in person or in writing most "professionals" would never dream of using that type of reduced language either.

If a person is really so busy as to be bombarded by instant messages non-stop, maybe they should evaluate what percentage are really critical and ignore the rest? That time/money saying is really all about time management!

A great book about Time Management (by the way) is "The Time Trap" [amazon.com] by R. Alec MacKenzie.

I Remember The Old Days

[gadlaw]

I remember the old days when you'd actually get a message from someone who was a human being. Haven't seen this AIM spam bit but there is one in ICQ which is pretty crude. Says hi then sends it's link if you respond. Of course the bots have no info on themselves, have hidden ips and are easy to spot as the bots they are. The people who create and unlease these things belong in the same jail with the email spammers.

Re:lol no this is not a virus

[The Amazing Fish Boy]

Also: if we used proper grammar and spelling, I think it would be easier to filter spam. I'm not involved with the spam problem so much, but it seems to me "words" like v14gr4 would cause problems. Meanwhile if we could detect "v14gr4" isn't a word in our dictionary, we might be able to flag the email as potential spam. Then if you were working on something where the project's code name was "v14gr4" or something, the word would appear underlined, you would click it and click "Add word to dictionary." I don't know if that's even the best way, but I think if everyone used proper spelling and grammer, computer comprehension (and filtering) would be able to improve. I might be wrong.

Re:lol no this is not a virus

[intangible]

How about, and here's a tough one: Microsoft unhide the @%$@#$%@ file extensions on everything by default. WTF is up with hiding them?

How many trojans are named "something.jpg.exe" or just have a picture icon, or html icon when it's truly an exe? What motard at MS thought hiding "the oh so complex" file extension was a good thing?

Seriously, this one has bugged me for years. Dumbing down computer interfaces beyond a certain point is just asking for trouble.

Re:lol no this is not a virus

[volsung]

I've seen more than one person suggest a filter which would junk messages which contain more than X% (say 2-5%) misspellings. This would not only eliminate all that foreign spam which you can't read anyway, but a great many "English" spams which contain all sorts of garbage to fool keyword filters. Of course, spammers will compensate by padding emails with 98% Shakespeare, so that advantage won't last long.

As a fringe benefit it will also filter out anyone who can't be bothered to spell most of their email correctly, which might be handy for those who receive crazy rants due to their online postings. :)

Re:lol no this is not a virus

[troon]

if everyone used proper spelling and grammer, computer comprehension (and filtering) would be able to improve.

QED. It may interest you to know how many ways there are to spell Viagra [cockeyed.com]...

Re:This is old school

[plover]

That said, people still have AV. There's still stinger. AOL might even be able to release an update that blocks where it's hooking into the main AIM program (which would, of course, be very stop gap)

I don't understand why AOL doesn't simply apply anti-bot filters when this crap is discovered. No IM protocols in use today are peer-to-peer based, they are all server based (otherwise firewalls would have prevented IM from taking off amongst the Joe Sixpack crowd.)

These bots all have distinctive signatures, how hard could it possibly be to pinch them off at the server side? They could do other things, too, such as IM'ing the infected client from Admin to say "Busted, O virus-laden one. Please update your antivirus software and only then will we allow you back onto our servers."

Seems like an ounce of prevention to me ...

Re:The next generation

[maxwell demon]

Well, just wait until the AI gets more advanced. Then it will first sit silently on your computer for a while and watch your chatting behaviour. And then it will try to imitate you.

Re:lol no this is not a virus

[Blakey Rat]

Not only that, but MacOS (even back to version 1) makes it really easy to disguise a executable as any other type of file. And from version 7.0 on, you can even paste any icon over any type of file.

But yes, nobody complains except when Microsoft does stuff like this. Goofy.

What's even goofier is that in OS X, as far as I can figure, "show file extension" is a file-specific flag, not a user-specific flag. Unless I'm missing something, it's impossible to get OS X to show file extensions on all files all the time.

Re:People are lazy these days...

[Fandango]

That's why I added some autotext entries on my Sidekick to convert "u" into "you", "ur" into "your", "u're" into "you're", "b4" into "before", "l8r" into "later", etc. Now I can thumb-type more quickly and not sound like a luser.

Re:The next generation

[maxwell demon]

No, you misunderstood. It would at first sit there and watch you, and then, after it has learned enough about your behaviour, it contacts your buddies and tries to look like you to them.
For example, it could catch typical phrases you use, as well as about what topic you chat with whom. That way, it could manage to not only chat from your account, but at the same type look so "typically you" that your buddies would more likely accept them as you, and therefore download the virus file (the stated contents of which would also be adapted, so if you typically chat with one of your buddies about programming, then it may e.g. claim to have found a great new code analysis tool, while to the other buddy you are talking about movies with, it would be e.g. a trailer to a new movie).

get free sheikh speare!

[RedLaggedTeut]

Of course, spammers will compensate by padding emails with 98% Shakespeare

Well, at least you would have an interesting read in you inbox everyday; maybe one could develop some sort of persistant distributed storage scheme involving spam :-)

Re:Turing Test

[Anonymous Coward]

Not that the slashdot crowd needs any convincing, but here is a hilarious case in point. http://www.costlowcorp.com/applications/monkeyLogo /gullible.php [costlowcorp.com]

Most non techie people have little of what a bot is. Nonsense answers rarely detour the ignorant and/or stupid. The replies are like Rorschach ink blots. The person will unconscious assume what they mean, while thinking all is otherwise normal.

I guess I should give compliments to AOL for getting their members acquainted with the idea of IM bots.

Re:lol no this is not a virus

[rolandog]

Ha! This reminds me soem advice a friend of mine gave to me: "If you want your pr0n folder to be untouched: compress it, delete the original, and change the archive's extension to *.dll. Nobody wants to mess with a 1 GB *.dll."