Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software Windows

New Worm Spreads Via MSN Messenger 380

vxone writes "Anti-virus experts are watching a new worm that spreads through Microsoft Corp.'s MSN Messenger client. The worm is not harmful to infected machines and has infected only a few PCs at this point, according to an analysis by Trend Micro Inc. Known as Jitux, the worm is self-propagating and contains a link to a Web site that automatically downloads an executable file named 'jituxramon.exe' to the PC. Once the file runs, the worm begins sending out copies of itself to all of the names in the user's Messenger contact list."
This discussion has been archived. No new comments can be posted.

New Worm Spreads Via MSN Messenger

Comments Filter:
  • by ufoman ( 544261 ) <ufoman@gmail. c o m> on Friday January 02, 2004 @04:30AM (#7858688) Homepage
    MSN is a virus. Uninstall it as fast as you can!
    • Re:ITS A VIRUS!!! (Score:3, Interesting)

      by tomstdenis ( 446163 )
      While meant as a joke it is a good idea. MSOE seems to want to load msn whenever it starts up [even if you have Gaim installed and running ;-)]. I just delete the f'ing directory and that cured my problems.

      Tom
      • by Anonymous Coward
        I just delete the f'ing directory and that cured my problems

        I assume you are refering to the windows directory.

    • Re:ITS A VIRUS!!! (Score:3, Informative)

      by BenV666 ( 620052 )
      I totally agree.
      For those who don't know how, you can uninstall the thing by running:
      RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
  • by eurleif ( 613257 ) on Friday January 02, 2004 @04:30AM (#7858690)
    Sounds like something from Pokemon.
    • by Lord_Breetai ( 66113 ) on Friday January 02, 2004 @05:26AM (#7858851)

      Sounds like something from Pokemon.

      Ah, it must be a Bug-type then.

    • by MosesJones ( 55544 ) on Friday January 02, 2004 @06:19AM (#7858978) Homepage

      It is... it evolved from Outlookramon.

  • by gnu-sucks ( 561404 ) on Friday January 02, 2004 @04:31AM (#7858696) Journal
    So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

    As it stands, it sounds a lot like a slashdot discussion :p

    • by xkenny13 ( 309849 ) on Friday January 02, 2004 @04:38AM (#7858722) Homepage
      So let me get this straight, the virus infects a computer, and then infects other computers. Does the virus actually do anything?

      I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.
      • by wa5ter ( 628478 ) on Friday January 02, 2004 @04:58AM (#7858781) Journal
        A friend of mine, who knows a bit about this kind of thing (no, he isn't) suggested that this is the kind of thing someone would do if they wanted to cause a lot of damage, but not get caught. The harmless version will be widely propogated, and then it's only a matter of time before some script kiddie loads up a far more harmful payload. This will probably be the person that takes the rap for the whole thing, leaving the original virus creator scott free.
      • by zurab ( 188064 ) on Friday January 02, 2004 @06:46AM (#7859034)
        I would guess that this is the trial run, to validate the theory behind a virus spreading in this manner. Once they know it works, the next one will have a payload.


        I've got one idea on what that payload could be. Disclaimer: I am not involved in and do not condone writing and distributing virii/worms, invading and abusing others' property, or any other illegal activities; it's just a thought that occurred to me while reading this thread.

        Jitux, sounding a lot like "JIT (just-in-time) Linux" could carry a windows program that would accomplish following on each host:

        0. Propagate;
        1. Check whether host's hardware (modem, network card, etc.) and ISP connectivity are compatible and can be used in Linux;
        2. Check for broadband connection;
        3. If either (1) or (2) are false, propagate and do nothing else (exit);
        4. Find an extra space on the hard drive and create one small and one or more larger new partitions; if no extra space is found (as is likely), quietly defragment and resize FAT32 or NTFS to free up space;
        5. Place a small Linux bootable image on the small partition, and format other partitions;
        6. Gradually, over the course of next few hours (or days) download and place common packages available for Linux on larger partition(s);
        7. Once all required data has been downloaded, modify MBR to boot from the smaller Linux partition that was created.

        On the following boot this should happen:

        1. Display bootup screen similar to Windows; maybe display - "Windows is updating settings" while Linux is being set up on hardware and packages are being installed;
        2. Copy settings from Windows partition - e.g., start menu items, background, O/OE settings, etc.; make sure to install comparable packages like OpenOffice.org, KMPlayer/Xine/etc., IMs with Linux; run whatever you can with WINE from Windows partition;
        3. Boot into Linux with the WM/DE that looks as much like Windows as possible - adjusted KDE or GNOME - make sure the button says "Start" on it - that part is of utmost importance;
        4. When they do "open -> my documents/pictures/music/etc." always display items from both Windows and Linux partitions; when they save, only save on Linux partitions; when duplicates occur only display files from Linux partition.

        Voila! JIT Linux, or Jitux! Easier said than done (and I realize there could be problems), but if successful I am guessing 90% of home desktop users will not even notice any difference.

        Disclaimer (again): I do not condone distributing virii/worms, etc. or illegally messing with others' property without permission. This was just an idea that occurred to me while reading this thread.
      • A number of the worms linked to spammers and DDoS attacks on anti-spammer sites have been multi-stage jobs. Once a PC is infected, it either scans for or waits for contact to pull down the next stage. (Sort of like a Wormdows Update feature.)
    • by old_unicorn ( 697566 ) on Friday January 02, 2004 @05:39AM (#7858890)
      It downloads an executable froma website. Obviously the number of downloads increases as the virus spreads. If the virus is thought to be harmless people won't panic about clearing it out. Maybe when there are enough computers (PCs) transmitting the virus, the website owner will change the executable for the real payload, and wammee - fireworks. Or maybe not.
    • by mcpkaaos ( 449561 ) on Friday January 02, 2004 @07:25AM (#7859143)
      As it stands, it sounds a lot like a slashdot discussion :p


      Yeah, it's very similar to a Slashdot discussion - the only difference being that the Worm actually does something.
  • solution (Score:5, Insightful)

    by Barbarian ( 9467 ) on Friday January 02, 2004 @04:31AM (#7858701)
    Uhhh, shut down the website that the "worm" is sending a link to?
  • by jkrise ( 535370 ) on Friday January 02, 2004 @04:33AM (#7858711) Journal
    Let the great debate begin:
    Here comes the New Worm...
    It's just a New Year Worm - nothing much different
    But a Linux worm was set loose yesterday - the first in 2004.
    Yes, but that didn't hit as many sites...
    Fine.. this new patch will fix the worm...
    Hmmm.. but it also messes up Outlook 2003...

    And so on and so on... Happy New Year!

    -
    • As long as the virus does nothing else but propogate itself, then this really isn't a security issue, its an issue of people CHOOSING to run what they want on their computer. If they're dumb enough to click 'open' on anything that downloads without knowing what it does (and indeed if what it does isn't necessarily harmful) then it is not a security problem, its a user problem. If people choose to run a program that messages itself to everyone on their MSN list, then who is Microsoft to stop them? At some po
      • Well from a computer security perscpective, that which lies between chair and keyboard is part of the computer system.
      • by Anonymous Coward on Friday January 02, 2004 @06:36AM (#7859018)
        The Honor System Virus:

        If you are able to read this, you have just been infected with the Honor System Virus. This virus is a cross platform virus.

        If you are running a MS Windows Box, please insert a DOS disk, reboot, and type FORMAT C: /q press Enter, Y, and then Enter again.

        If you are running a Linux or other Unix based OS, please open a Bash Shell as root and type in rm -rf / and press Enter.

        Mac User's need not do anything at this time, since your computer will likely crash on its own before you could successfully and intentionally format your own hard drive.

        Thank you for your participation in the Honor System Virus. Have a nice day!

  • by Raul654 ( 453029 ) on Friday January 02, 2004 @04:34AM (#7858715) Homepage
    For anyone who has tried to uninstall MSN messanger, you know how much of a bitch it is. I recommend Windows XP antispy [xpantispy.org] to get rid of it.

    After all, (simpsonism) "no one who speaks german could be evil (/simpsonism) :)
    • by Kris_J ( 10111 ) * on Friday January 02, 2004 @04:44AM (#7858747) Homepage Journal
      Windows XP users should install SP1, then removing MSN Messenger can simply be removed from the Add/Remove Programs control panel.
      • by SilverCanary ( 670633 ) on Friday January 02, 2004 @05:09AM (#7858807)
        It's not removed when you do that.
        They simply make the executable a hidden file and remove the shortcut.
        MSN will still work when you start the executable manually after "removing" it.
        (Same goes for Outlook express btw).
        • Not only that, but the last time I started Outlook Express it helpfully launched Messenger for me.

          (I don't remember why I launched OE, but there you go...)

          Apart from that, though, I've not been bothered by Messneger *at all*. On first login to a new system, I merely tell it (in the preferences controls) to go away and never bother me again, and that's exactly what it does.
          • Yes, I just delete the sucker. :)
            • it seems they are trying to get outlook 2000 and up more integrated with msn messenger. same as the poster above siad, you can uninstall it, then when you open outlook it appears. doesn't that violate the terms they set out in the case about "uninstalling" msn messenger? anyone here know?
              and where is the reg entry or ini file located , so I can get rid of it when I set up a client pc? I don't wont to install antispy on every desktop I set up...


          • My XP install won't let msmsgs.exe go away. It starts every time I boot, and when I tell it to exit via right-click on the systray, it tells me it can't exit, because other applications depend on it (Outlook). I have outlook uninstalled. I have to kill it with the task manager every time I reboot.
            • That's very strange. I have Outlook installed at work (we are *required* to use the Exchange calendar, and I have yet to find an email client that isn't dog slow working with Exchange), and it has no such requirement. We're running a reasonably old version, though (2000 SP3), so it probably predates that particular "feature".

              All I know is that on the four XP machines (three Pro, one Home) that I have use of, Messenger did what it was told for all users (myself on all four machines, my gf and daughter on va
            • by Genom ( 3868 )
              Did this to me too - very strange. At first I thought a worm or something might have snuck through (trying to deliver *something* via Messenger), but Norton comes up empty on the virus/worm front, and Adaware/SpyBot didn't find anything out of the ordinary.

              So, I nipped the problem by renaming msnmsgs.exe. Now whatever Windows *thinks* needs Messenger won't be able to start it. Don't get any errors about it either. Since I don't actually *use* Messenger for anything, this has pretty much solved my probl
        • by ScottSpeaks! ( 707844 ) on Friday January 02, 2004 @07:00AM (#7859072) Homepage Journal
          I haven't tried it (no such machine to run it on), but XPlite [litepc.com] is a utility that should be very good at removing unwanted "features" from WinXP. (There's a Win2K version as well.) This is by the same guy who created 98lite, which removes all traces of IE from Win98 (which MS had said wasn't possible) and replaces it with the file browser from Win95 (and the web browser of your choice). So when he says it "removes" a feature, I'm inclined to believe it really does.
      • What about us kids with pirated copies? Are we to suffer viruses simply because we're too cheap to pay for the software, and support that comes with it?
    • by MacroRex ( 548024 ) on Friday January 02, 2004 @04:47AM (#7858753)
      With some help from Google it's no bitch at all [tacktech.com].
    • by Chanc_Gorkon ( 94133 ) <.moc.liamg. .ta. .nokrog.> on Friday January 02, 2004 @08:27AM (#7859314)
      And what your talking about is NOT MSN messenger. It's Windows Messenger. Some point, around the time XP was developed and released, some idiot at Microsoft thought it might be a good idea to create Windows Messenger. No I ain't talking about the Windoes Messaging service, but Windows Messenger. Windows Messenger was supposed to be pushed a bit to the corporate side of things. Your supposed to be able to run your own IM server in your company. In any case, there are a ton of websites that tell you how to get rid of Windows Messenger. MSN messenger on the other hand must be installed. It IS different then Windows Messenger even though they both work on the MSN messenger service.

      Oh and just to give you an idea of how stupid the article was, you actually have to click on a URL that this messege sends to you and unless you have been living under a rock, you can pretty much eliminate this problem by ignoring IM's from anyone that is not on your list. If most of your list does this, then there's no chance of infection. As most IM users have already discovered, there are enough SPAM IM's that are not harmful out there that you should probably set this up from the beginning. Hence the reason why there's only a handful of infections. This is NOT a hole in MSN Messenger....it's just users being the typical idiots that they are and that's only that handful of idiots that have been infected. Most MSN Messenger users would be unaffected by this.
  • Trillian? Would something like that, assuming it honestly exists, run through Trillian as well? *begins stockpiling canned goods and cleaning guns to prepare for the dark days ahead*
  • Low risk (Score:5, Informative)

    by Xenna ( 37238 ) on Friday January 02, 2004 @04:39AM (#7858734)
    It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

    Now what responsible user would do that. NAI's web site claims that the worm code itself has been removed from the web server, thus rendering the worm harmless:

    http://vil.nai.com/vil/content/v_100931.htm

    -- Update 31st December 2003 --
    This threat is considered to be a Low-Profiled risk due to media attention at: http://www.web-user.co.uk/news/47502.html

    This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

    It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

    http://www.home.no/( removed )/jituxramon.exe

    When the link is clicked, the worm is downloaded to the target machine.

    Note: at the time of writing the the worm was unavailable from this URL.

    • Re:Low risk (Score:3, Interesting)

      It doesn't seem to be using any particular vulnerabilities in MSN. It depends on users to click on a URL they receive in a message.

      But if you are an IE user and you don't check carefully the URLs you click, you might be in trouble anyway (because these days the download of the trojan horse starts immediately, and it's silently executed).

      On the other hand, I've been seeing such "worms" on IRCnet for months, and I'm sure they must have hit MSN messenger before.
      • Re:Low risk (Score:5, Insightful)

        by Sycraft-fu ( 314770 ) on Friday January 02, 2004 @06:23AM (#7858984)
        Things like this have been on IRC, e-mail, MSN, AOL, ICQ and any other chat type application you can think of. It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

        This is the kind of vunerability that we'll basically never be able ot get rid of, barring some kind of orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

        I deal with this at work all the time. We have a user that just loves to run every damn attachment she gets her hands on. Despite a virus scanner and as restrictive privledges as we are allowed to give her, she STILL gets infected form time to time. There's just no stopping it. The only way would be to disallow her to run apps that admins don't install, which we aren't allowed to do (adn doesn't apply to home users).

        So we just have to accept this crap. Hopefully OS/app makers will do what they can to make it as hard as practical for this to ahppen, but you'll never eliminate it. YOu also have to be careful not to go too overboard. I mean I can think of many measures that would make these things much safer. However they generally involve things that would make them a bitch to use and piss people off.
        • Re:Low risk (Score:3, Interesting)

          by tal197 ( 144614 )
          It's the classic n00b getter. Send them a message that warns of imminent doom, promises something wonderful or what have you and try to get them to run your app. That app then does as you please.

          This is the kind of vunerability that we'll basically never be able ot get rid of, barring some kind of orwellian palladium thing. Dumb users will run shit they shouldn't, and infect their boxes. You can do things to reduce the probability, but you can't eliminate it.

          Palladium is only bad because it's done in h

  • Human-activated (Score:5, Interesting)

    by ptaff ( 165113 ) * on Friday January 02, 2004 @04:41AM (#7858740) Homepage
    Seems like the worm must be "human-activated", a user must manually click the link received through MSN to download the worm; that's what I understand from McAfee [mcafee.com]

    It can't be harmful if it comes from a friend!

  • by inode_buddha ( 576844 ) on Friday January 02, 2004 @04:47AM (#7858754) Journal
    Now I'll have to explain to my Dad why I had to shut down his Win98/cable modem box. Again. *sigh*
  • NOT A WORM (Score:5, Insightful)

    by Zork the Almighty ( 599344 ) on Friday January 02, 2004 @04:53AM (#7858769) Journal
    This thing is not a worm, no matter how much you want it to be one.
    • well.. some people consider chain letters to be worms(and they are, they just rely on stupid people to send them around instead of flawed software). heck even urban legends are worms of one kind, they even morph. . sure, the slashdot post text is a bit misleading but since when they weren't??
  • by t0qer ( 230538 ) on Friday January 02, 2004 @04:55AM (#7858777) Homepage Journal
    It was a trojan in the default messanger that comes with XP. Add/Remove did not remove it, nor did trying to delete the messanger.exe program file.

    The fix was to download the newest MSM, which upon reboot overwrote the pesky trojan.

    Sorry I don't have more info than that.
  • Now if only Sharepoint/Office 2003 would allow you to colaborate with any IM client. As an exchange/sharepoint admin :(not my choice): I'm not left with many options when it comes to instant messaging across the company and I dont think an windows messanger server is in our budget.
  • Not the first time (Score:5, Interesting)

    by jeremymh ( 702977 ) on Friday January 02, 2004 @05:03AM (#7858796)
    Around two years ago there was a similar virus for messenger. It was smarter, though, as whenever you open a chat window it would say to the other person "here are some pics I took last week" than request a file transfer of the virus (the virus ended in .jpg.exe). It didn't need a website to download from. I had to talk many people through the process of removing the virus. (it simply took a ctrl-alt-del to kill the program, then delete it from the recieved files folder) This virus didn't do anything either, the writer left a note in the virus (viewable through a hex editor) that it was just "to see if he could do it".
  • by dethl ( 626353 ) on Friday January 02, 2004 @05:07AM (#7858802)
    http://www.home.no/jberg/

    Seems to be a webcam up on the same site that hosts the worm. What worm maker would link to a site that hosts their webcam as well? I guess it shows that some people are really that stupid.
    • What worm maker would link to a site that hosts their webcam as well?

      Well it does say "Retard-CAM".....
    • by Motherfucking Shit ( 636021 ) on Friday January 02, 2004 @06:00AM (#7858936) Journal
      What worm maker would link to a site that hosts their webcam as well?
      Recall that the high school student who released a variant of MSBlaster - the variant which was purported to have affected no more than 7,000 or so computers - was caught because his modifications interacted with his own website. If "jberg" is actually the person who wrote Jitux, it wouldn't be the first time that a worm (if you'd call Jitux a worm) contains dead giveaways as to its author.

      I think a lot of people who wind up unleashing worms are just playing around, seeing if it works. They aren't thinking about the consequences because they probably weren't intending to "release a worm" in the first place. Again operating under the assumption that the homepage you posted belongs to the Jitux author, it's quite possible that he wrote the code and sent it to a couple of friends to see if it would work. Before he knew what had happened, it was in the wild. The malicious file is apparently gone, so for all we know, he deleted it himself once he figured out that his creation was alive.

      Naturally, all of this is speculation. It's equally possible, and perhaps even more likely, that the "jberg" user's FTP space has been compromised to host the malicious file.
  • by mcbridematt ( 544099 ) on Friday January 02, 2004 @05:08AM (#7858805) Homepage Journal
    If you must use MSN and don't need file transfers, I recommend you register a Jabber account at any Jabber server, and use a MSN gateway, and try to convince your friends to move to Jabber.

    I've done it already, and my MSN account is redundant!
  • by donkeyoverlord ( 688535 ) on Friday January 02, 2004 @05:09AM (#7858808) Homepage
  • Self propagating? (Score:4, Insightful)

    by RogueProtoKol ( 577894 ) on Friday January 02, 2004 @05:23AM (#7858842) Homepage
    I thought self propagating worms involved no direct user interaction (ie a tard clicking a link), doesn't that make this just a plain old (really simple) trojan if anything being as it pretends to be something else (i assume the link comes with a message like click here to see me holiday pics !)?
  • by yulek ( 202118 ) on Friday January 02, 2004 @05:25AM (#7858848) Homepage Journal
    because everything is controlled via friggin VB.

    i mean, for once the excuse can't be: "well, they attacked [insert MS software title here] because it's the most popular". AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...
    • by Anonymous Coward on Friday January 02, 2004 @05:51AM (#7858916)
      AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

      Yes, [symantec.com] they [symantec.com] have [symantec.com].

      Did you actually check before making that claim?
      • Did you actually check before making that claim?

        Of course not. That's almost forgivable, though - everyone says dumb stuff occasionally. Gotta wonder at the mods that sent it to +5, though:

        a) the problem isn't that you can use VB to control it, it's that it exposes a programmable interface; the language used is irrelevant
        b) as you've pointed out, the claims made about Messenger being the only IM client to have been hit by a worm are simply false.

        But hey, let's not let the facts get in the way of a good
    • by muffen ( 321442 ) on Friday January 02, 2004 @07:10AM (#7859101)
      AIM and YIM have been around a lot longer and no one ever wrote a "worm" (debatable label in this case) for those...

      There are worms for ICQ, AIM and MSN. Yahoo IM is the only one that doesn't have a worm right now.

      MSN worms have been around for a while now. This isn't news in any way. The worm relied on a website that is now shut, so the worm is effectively disabled.

      If you want to know about IM spreading worms, read this [symantec.com] or this [securityfocus.com]
  • by eonblueye ( 627191 ) * on Friday January 02, 2004 @05:30AM (#7858865) Homepage
    copy and paste into a .bat file

    @echo off
    echo Removing Microsoft Messenger...
    rundll32 advpack.dll,LaunchINFSection %WinDir%\inf\msmsgs.inf,BLC.Remove

    echo Disabling it from running in the future...
    echo REGEDIT4>%temp%\nomsngr.reg
    echo
    [HKEY_LOCAL_MAC HINE\SOFTWARE\Policies\Microsoft\Me ssenger\Client]>>%temp%\no
    msngr.reg
    echo "PreventRun"=dword:00000001>>%temp%\nomsngr.reg
    echo "PreventAutoRun"=dword:00000001>>%temp%\nomsngr.re g
    echo "PreventAutoUpdate"=dword:00000001>>%temp%\nomsngr .reg
    echo "PreventBackgroundDownload"=dword:00000001>>%temp% \nomsngr.reg
    echo "Disabled"=dword:00000001>>%temp%\nomsngr.re g
    regedit /s %temp%\nomsngr.reg

    run and bam! messenger is gone for good :)
  • by weave ( 48069 ) on Friday January 02, 2004 @05:40AM (#7858892) Journal
    A swingers club can be quite safe, but only if all participants in the club only have sex with those inside the group, and only let new people into the group after careful review, medical testing, and approval by all members of the group. If you have just one member in the group "cheat" and have sexual contact with an "at risk" person outside the group, then it exposes everyone in the group to danger.

    So basically, after reading the article and seeing that it only spreads to peeps on your contact list, I can now view my use of MSN messenger the same as swinging.

    I smelll a new MSN Msgr advertising campaign. "All the danger and excitement of swinging. Come on over, we're waiting to fuck you!"

  • progress (Score:4, Funny)

    by Scholasticus ( 567646 ) on Friday January 02, 2004 @05:56AM (#7858928) Journal
    2004: New Worm Spreads Via MSN Messenger
    2005: MSN Virus Spreads Through Talking About Windows
    2010: Virus Becomes Airborne
    2012: Virus Overwrites C:\Brain\Personality
    2015: Kalahari Bushmen last remaining humans on planet arguing about whether Linux or FreeBSD is better
  • by gad_zuki! ( 70830 ) on Friday January 02, 2004 @06:10AM (#7858959)
    Status: Critical
    Infection rate: Global

    This worm usually begins like this, but many variations have been seen in both the wild and in the lab.

    John: Yo wazzup?
    Me: No time to chat. I'm a little busy, gotta do some work.
    John: Then why is your IM on?
    Me: Because I need it for work.

    Soon the worm spreads.

    Jane: Hey, why are you giving John the cold shoulder?
    Me: Shit, I just want to get something done here. I'm sending someone a file with IM then I'm gone.
    Jane: You're full of it. John knows you're still pissed at him about blah blah.

    The worm may even infect unaffiliate third-parties.

    Joe: Hey man, you don't know me, but I work with Jane at Curuthers and Magalby and the way you treat her and your so-called pal John is fucking bullshit. You shoud be ashamed of yourself.

    Me: Seriously, I just want to get some work done here.

    Joe: Yeah, like I'm going to trust a liar like you.

    Fix: None.
    Stopgap: Forever stop using IM with crazy paranoid social primates.
  • MSN Worm (Score:3, Insightful)

    by Swedentom ( 670978 ) on Friday January 02, 2004 @06:25AM (#7858991) Homepage
    About a year ago, I think something like this was on the loose. Almost everyone on my contact list tried to send me something called "blaargh.exe". When I asked them what it was they had no clue.

    Well, people that accept these kind of file transfers without knowing what it is and then _opens_ the executable only have themselves to blame... (for not getting a Mac ;)
  • Sure, Jabber may not be able to do video or voice chat... or organize multiplayer games... or even do simple file transfer...

    but we are (so far) worm free! Start to convert your friends for their own safety!

    Just try to keep from discussing anything involving bytestreams... or play it up! "Hey, if you can't receive files, you can't receive worms!"
  • by ChocolateCheeseCake ( 728330 ) on Friday January 02, 2004 @07:24AM (#7859136)
    Why is it when some one does something stupid on UNIX and screws their HDD, its the user that is blamed but when the user CHOOSES to run Windows and CHOOSES to run MSN and CHOOSES to have their default browser to be Internet Explorer, for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

    Sure, I love the Microsoft bashing mosh pit just as much as the next Mac/FreeBSD user, however, in all honesty, when is the end user going to take responsibility for their actions? doesn't this sound like the a-typical senario in the "real world", something bad happens and the government is blamed for not stopping the idiot from hurting themself.

    The fact remains that the end user does VERY little to protect themselves. Sure, we'll have a chorus of ranters claiming that in their zyx operating system world, they would *NEVER* need that and through some miracle, some how their operating system of choice is immune to all vunerabilities.

    The fact remains that no matter what operating system you run, you HAVE to take precautions. Run an anti-virus, make sure your software and virus definitions are updated, run a GOOD firewall and actually learn how to use the computer so that you can set up the firewall so that is it beneficial rather than a hindrance.

    If you follow these VERY basic precautions, I would be VERY surprised if you get infected.

    In a perfect world, one WOULDN'T need to take these precautions, software would be bug free, everyone would be honest Joe's and Jane's, however, that isn't the case, the fact is, the world is filled with losers, script kiddies and other parasites and unfortunately the only way to defeat these people is to make their conquests so meaningless that they'll go back to nicking car badges off cars and boasting to their friends about what level of "Rainbow Islands" they got up to on their SEGA.

    Btw, does any one remember that game?
    • by phillymjs ( 234426 ) <slashdot.stango@org> on Friday January 02, 2004 @10:14AM (#7859991) Homepage Journal
      for some reason they're immune to this barrage of RTFM and instead it is Microsoft who gets the blame.

      Because Microsoft's marketing blows sunshine up people's asses. People believe they are buying a simple system that will just run, never need maintenance, and protect them from messing it up. In reality Windows is a complex system that needs a fair bit of maintenance, or at least care on the part of the user to not do something that will cause problems (like open any old e-mail attachment in their inbox, no matter who the sender, or download any old file from Kazaa, or install Bonzi or other stupid shit like that).

      When you try to explain to people that they need to run Software Update and virus scans and do other system maintenance once in a while, they don't want to hear it. "You mean I paid all this money (read: $399) for this computer and it doesn't do all that stuff for me? Forget it!"

      ~Philly
  • by N8F8 ( 4562 ) on Friday January 02, 2004 @07:59AM (#7859240)
    For you XP users out there here is a link to a nift little program that you can use to remove most of the privacy stealing features:
    XP AntiSPy [xpantispy.org]
    • by shish ( 588640 )
      Ugh, too much internet advertising - At first sight I thought that was the latest model of X10, the X-Panty-Spy...
  • Clients (Score:3, Insightful)

    by MrFluffyPants26 ( 724497 ) on Friday January 02, 2004 @09:12AM (#7859524)
    Hold on... so, would the worm spread through Trillian, Miranda and such?
  • by Sprite Remix ( 725063 ) on Friday January 02, 2004 @09:44AM (#7859764)
    There's been this virus thats been screwing people' AOL Instant Messenger profiles, what it would do is create a link to the site and if you were to enter it from someones profile, it would install a worm and infect you profile as well. My system didn't get infected though, I'm guessing it was to due to Internet Explorer since I'm using Mozilla and I've been hearing about how scripts can go off in IE.

    I kept getting IM bots sending me links to random porn sites since its 'peak' time when it appeared on almost all my friends' profiles. I found the fix here [rsaisp.com] and sent it to my friends. Since their fix, I've been getting less spam.

    I would use gAIM but I found that AIM with the final free DeadAim saves more resources on my system.

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...