News.com Mobile
for PDA or phone

CNET tech sites: Product reviews | Shop | Tech news | Downloads | Site map

Corrections Blogs Extra Readers' Choice My News

Front Door Business Tech Cutting Edge Access Threats Media 2.0 Markets Digital Life

New IM worm chats with intended victims

By Joris Evers
Staff Writer, CNET News.com

Published: December 6, 2005, 5:43 PM PST

TalkBack

E-mail

TrackBack

You can now instant message with a worm.

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned Tuesday.

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.

The malicious file disables security software, installs a backdoor and tweaks system files, the company said. Then it starts sending itself to contacts on the victim's buddy list.

But the worm is programmed so that the infected user cannot see the messages that are being sent out by the worm, according to IMlogic.

"This is a first," said Andrew Burton, director of product management at Waltham, Mass.-based IMlogic. This worm is not widespread, but attackers are just trying out this new technique, he said. "We will see one or two instances of an attack, there will be a refinement and then there will be an outbreak."

The inclusion of an IM bot is another sign that IM worms are becoming more sophisticated. Another worm, also spotted on Tuesday, takes a more traditional route: it spreads under the guise of a holiday greeting card, IM security specialist Akonix Systems said Tuesday.

In other news:

The holiday worm, dubbed Aimdes.E, targets AIM users and arrives with the message: "The user has sent you a Greeting Card, to open it visit:" followed by a link. Once the target clicks on the link, the worm installs itself on the system. It opens a backdoor on the computer and sends itself to contacts on the buddy list, Akonix said.

Advice to users is to be careful when clicking on links in IM messages--even when they seem to come from friends--and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.

TalkBack

E-mail

TrackBack

TalkBack

Another Windows vs. Mac battle?

J L Dec 8, 2005, 7:24 PM PST

How about Gaim?

Ronald Ammerman Dec 8, 2005, 6:40 PM PST

I was going to guess....

Chris Toohey Dec 8, 2005, 9:48 AM PST

First time?

The Sentinel Dec 8, 2005, 4:22 AM PST

There's a difference here.

Rab Townsend Dec 8, 2005, 1:00 AM PST

AIM in general

Brandon Fowler Dec 7, 2005, 11:59 PM PST

Pathetic

Tom Fiset Dec 7, 2005, 7:50 PM PST

Worms

Eskie Eskie Dec 7, 2005, 6:21 PM PST

"THIS IS THE FIRST"

N3td3v Dec 7, 2005, 11:55 AM PST

What OS?

Jeremy Cook Dec 7, 2005, 8:19 AM PST

Too Dang Funny - I wonder where the proofreader is today

Matthew S Dec 7, 2005, 7:07 AM PST

Think how nasty they could get...

Chris Parks Dec 7, 2005, 6:18 AM PST

This is NOT the first im virus to "talk back"!!

Terry Bates Dec 7, 2005, 5:36 AM PST

haha, thats smart

Digitally Sick Dec 6, 2005, 7:06 PM PST

Did you know?

Select a tab below to set your default view.

The big picture Related stories What's hot Latest headlines

Resource center from News.com sponsors

Concerned About Computer Security?

Education is the best defense

Computer security threats are part of daily life. But today's malware techniques present unprecedented challenges for businesses of all sizes. Learn how to protect yourself.

Learn from the experts>>