Author Topic: New AIM Virus Going Around...  (Read 2379 times)

davepeck

  • Administrator
  • Hero Member
  • *****
  • Posts: 14106
New AIM Virus Going Around...
« on: December 06, 2005, 10:48:45 pm »
so there's a new AIM virus going around.. so far i've seen it in the form of 'how'd your pic get here? (link)' and 'this could be your twin! (link)'.. the links look like they go to pictures, but they download a virus.. please, for the love of god, don't click on it.. i'm dealing with one right now (no, i was not duped), and i'm not happy about it.

Quote
New IM worm chats with intended victims
By Joris Evers, CNET News.com
Published on ZDNet News: December 6, 2005, 5:43 PM PT

You can now instant message with a worm.

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned Tuesday.

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.

The malicious file disables security software, installs a backdoor and tweaks system files, the company said. Then it starts sending itself to contacts on the victim's buddy list.

But the worm is programmed so that the infected user cannot see the messages that are being sent out by the worm, according to IMlogic.

"This is a first," said Andrew Burton, director of product management at Waltham, Mass.-based IMlogic. This worm is not widespread, but attackers are just trying out this new technique, he said. "We will see one or two instances of an attack, there will be a refinement and then there will be an outbreak."

The inclusion of an IM bot is another sign that IM worms are becoming more sophisticated. Another worm, also spotted on Tuesday, takes a more traditional route: it spreads under the guise of a holiday greeting card, IM security specialist Akonix Systems said Tuesday.

The holiday worm, dubbed Aimdes.E, targets AIM users and arrives with the message: "The user has sent you a Greeting Card, to open it visit:" followed by a link. Once the target clicks on the link, the worm installs itself on the system. It opens a backdoor on the computer and sends itself to contacts on the buddy list, Akonix said.

Advice to users is to be careful when clicking on links in IM messages--even when they seem to come from friends--and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.

FrankZappa

  • the Bohr to your Einstein
  • Administrator
  • Hero Member
  • *****
  • Posts: 7666
New AIM Virus Going Around...
« Reply #1 on: December 07, 2005, 06:50:24 am »
glad I don't use im softwares. good luck with that dave, you use it for work. That must be a pain.
"i heard that after he crossed the finish line he proceeded to wrestle down and pin a full sized grizzly bear"- ds673488

"if i listened to the distance on repeat, i'd be wearing yellow jerseys like a motherfucker" - zuke

davepeck

  • Administrator
  • Hero Member
  • *****
  • Posts: 14106
New AIM Virus Going Around...
« Reply #2 on: December 07, 2005, 06:52:39 am »
i think i got rid of it.. lisa got it (from al z!), not me.. but it was late last night and i was heated! :mad:

FrankZappa

  • the Bohr to your Einstein
  • Administrator
  • Hero Member
  • *****
  • Posts: 7666
New AIM Virus Going Around...
« Reply #3 on: December 07, 2005, 06:58:23 am »
Quote from: davepeck
i think i got rid of it.. lisa got it (from al z!),


:P smooth al! hope yours is ok.

skalnbyc

  • Taqueria Overexposure
  • Hero Member
  • *****
  • Posts: 5691
New AIM Virus Going Around...
« Reply #4 on: December 07, 2005, 11:59:14 am »
Quote from: davepeck
i think i got rid of it.. lisa got it (from al z!), not me.. but it was late last night and i was heated! :mad:


Sorry Peck, I barely use AIM and shouldn't have opened a strange link from someone I rarely talk to.

What did you do to eradicate the bug from the system?  Does it cause any other known infections or disabilities to the comp.?
Lobbying for a Kote>Beer Jubilee>Gypsy Girl>Prom 97>Vortex

Overexjoesure

  • Jai Guru Deva Om
  • Hero Member
  • *****
  • Posts: 2806
New AIM Virus Going Around...
« Reply #5 on: December 07, 2005, 12:53:14 pm »
Lucky enough a warning box popped up before it could open and dld... That was a close one.
Free me from vices, free me from fear.. Free me from anything that keeps me from here.

postom

  • let's go pens
  • Hero Member
  • *****
  • Posts: 1131
New AIM Virus Going Around...
« Reply #6 on: December 07, 2005, 03:14:26 pm »
there's all different kinds of aim viruses, some are much worse than others.

the one i've been working on for a few friends, wasn't getting picked up by anti virus programs and spybot wasn't removing it, it added clsass32.exe to the registry during start up, who the hell knows what that program was doing, it was a giant mess

(note - do not delete lsass.exe from registry, ever)

good luck
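
An added example, not part of the original thread: a check for startup entries whose executable name is a near-miss of a core Windows process name, the pattern behind `clsass32.exe` versus `lsass.exe` in the post above. It generalizes to other lookalikes; the value names and paths in `SAMPLE` are constructed, and the list of system names is a partial one chosen for illustration.

```python
import ntpath
import re

# Core Windows process names that malware often imitates (partial list).
SYSTEM_NAMES = {"lsass", "csrss", "smss", "winlogon", "services",
                "svchost", "explorer", "spoolsv"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_stem(command):
    """Lower-cased executable name, without extension, from a startup command."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    if not m:
        return ""
    return ntpath.splitext(ntpath.basename(m.group(1) or m.group(2)))[0].lower()

def lookalike_of(stem, max_dist=2):
    """Return the system name that stem imitates, or None."""
    if not stem or stem in SYSTEM_NAMES:
        return None  # exact names pass here; verifying their path is a separate check
    forms = {stem, stem.rstrip("0123456789")}  # "clsass32" is also tried as "clsass"
    dist, name = min((edit_distance(f, n), n) for f in forms for n in SYSTEM_NAMES)
    return name if dist <= max_dist else None

def scan(entries):
    """Return (value name, executable, imitated name) for each suspicious entry."""
    stems = ((v, exe_stem(c)) for v, c in entries)
    return [(v, s, lookalike_of(s)) for v, s in stems if lookalike_of(s)]

# Constructed sample of startup (Run key) entries; value names and paths are made up.
SAMPLE = [
    ("AIM", r'"C:\Program Files\AIM\aim.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Windows Security", r"C:\WINDOWS\system32\clsass32.exe"),
    ("Host", r"C:\WINDOWS\scvhost.exe /s"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("suspicious startup entry: %s -> %s.exe (resembles %s.exe)" % hit)
```
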

kindm's

  • Who Runs Barter Town...
  • Administrator
  • Hero Member
  • *****
  • Posts: 3119
    • blueberrydreams
New AIM Virus Going Around...
« Reply #7 on: December 07, 2005, 04:51:00 pm »
These types of situations are why I am glad that I install my OS on a separate partition so worst case scenario I just blow the machine out and reinstall the OS.
"You can bet everything will come to an end. It's going to be ugly and it's going to be a mess, and it's going to be something that somebody did in the name of God...."

    Frank Zappa, Artist as Genetic Design Flaw,
    Ecolibrium Interviews, Vol #19

davepeck

  • Administrator
  • Hero Member
  • *****
  • Posts: 14106
New AIM Virus Going Around...
« Reply #8 on: December 07, 2005, 06:31:12 pm »
Quote from: TreyChica
Lucky enough a warning box popped up before it could open and dld... That was a close one.


joe, what AV are you running? my (lisa's) norton didn't detect it..

ChrisF

  • Hero Member
  • *****
  • Posts: 3198
New AIM Virus Going Around...
« Reply #9 on: December 07, 2005, 07:29:19 pm »
if i received that message it doesn't mean i am already infected, right?

i had one on my screen when i got up this morning. i clicked the link thinking it was one of you guys whose screen name i didn't recognize. i didn't download the file because firefox asked me if i wanted to download the .pif file first and i clicked no.

davepeck

  • Administrator
  • Hero Member
  • *****
  • Posts: 14106
New AIM Virus Going Around...
« Reply #10 on: December 07, 2005, 07:31:54 pm »
i'd assume you're good, chris.. run a scan just in case.. lisa's seemed to run on its own (the .pif disappears after the download)..

the virus she ended up with was the w32.spybot.worm.. didn't seem to infect as much as it could have either..

http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Overexjoesure

  • Jai Guru Deva Om
  • Hero Member
  • *****
  • Posts: 2806
New AIM Virus Going Around...
« Reply #11 on: December 07, 2005, 07:41:54 pm »
Dave it was a grey box that opened asking if i wanted to open it or save it etc... So I just exited out of the whole thing real quick.  I then checked using McAfee Security Center and Spybot.. Nothing..