Personal Tech Pipeline | IM attacks spreading| Worms Dupe Yahoo, AOL IM Users

White Papers

Sponsor Resources

WebCasts
Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

May 25, 2005

Worms Dupe Yahoo, AOL IM Users



Courtesy of TechWeb News

A pair of attacks against the top two instant messaging networks played off current events, particularly 'Star Wars,' and sent security firms scurrying Wednesday to alert users of the danger.

Hackers took advantage of the recent wave of 'Star Wars: Episode III, Revenge of the Sith'' publicity to launch a phishing-style attack on Yahoo Messenger users, said IMlogic, a security firm that specializes in defending instant messaging (IM) networks.

The gambit starts when a user receives an IM from someone on their buddy list, and naively clicks on the embedded link referencing something called "StarGames."

"IM worms are getting very good at using social engineering techniques to get people to click on links," said Jon Sakoda, the co-founder and chief technical officer of IMlogic. "They're becoming very effective."

After users clicked on the link and entered his Yahoo username and password to access what he thought would be a game, a Trojan downloaded to the PC, where it proceeded to IM more copies of the bogus message to all on the system's buddy list. The Yahoo credentials collected from each machine were then e-mailed to the attacker.

"With these compromised IDs," said Sakoda, "the attack could then read the user's Yahoo Mail account, or do other nefarious things, such as use it to send out more malicious code."

The Web site used to host the Yahoo scam was offline as of this writing.

On the same day, a different attack developed against America Online's AIM client and network, said Sakoda. Funny.Movie.AOL, he said, was much more like earlier worms, Bropia and Kelvir, that have hit Microsoft's IM clients several times this year. Funny.Movie.AOL tried to get users to click on a link that downloads malicious code using the message text of "hehe i found this funny movie," where 'this' is linked to a malicious site. The Web site linked to the attack was still up and running mid-morning Wednesday, PDT.

Like its Bropia and Kelvir cousins, Funny.Movie.AOL spreads by harvesting every AIM (AOL Instant Messenger) contact on the infected system and sending new IMs to those who are online.

Both attacks were tagged as a "medium" threat by IMlogic's Threat Center, a clearinghouse supported by IMlogic as well as several prominent partners, including Microsoft, Symantec, AOL, Yahoo, IBM, and HP.

"That rating tracks back to how many customers are impacted," said Sakoda. "A significant portion of users of Yahoo and AIM received these messages that capitalized on current events."

What's remarkable about the newest IM attacks, Sakoda said, is their demonstration of the trend toward more sophisticated instant messaging threats. "There has been an increase in both the intensity and the sophistication of IM attacks," said Sakoda, "and a trend to mimicking what is quite commonplace in the e-mail attack world."

He was speaking specifically of the topicality of the attacks, a tactic e-mail scammers, including worm writers, have long used. "This weekend a lot of the IM conversations were about movies, what with the release of 'Revenge of the Sith'," said Sakoda. "What we're seeing now are just some of the early incidences of topical IM threats."

Although IMlogic won't compile Q2 IM attack statistics until July, the first quarter trend -- which saw a 275 percent increase in 2005's Q1 numbers over the same quarter in 2004 -- continued in April, Sakoda pointed out. "We're still seeing an exponential increase in the number of attacks." April 2005's numbers were up more than 300 percent over 2004's, he added.

The quantity of attacks, he said, are increasing rapidly because hackers have discovered two things about IM. "Number one, your defenses are down in IM. Unlike e-mail, you're not yet trained to be suspicious of IM. Two, and more powerful yet, is that IM uses a model where messages come from IDs that you trust. You might have just had am IM conversation with someone down the hall when you receive a worm from that same person.

"It's why IM worms spread so much faster than mass e-mailed worms," he said.

E-mail This Story
Print This Story
Reprint This Story




Get the latest Personal Tech news, product info, and trends every week.


Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed



Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?


In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.



PERSONAL TECH PIPELINE MARKETPLACE (sponsored links)
On the CIO Agenda with IBM
With business growth back on the agenda, the role of the CIO is changing from manager of technology to C-suite collaborator in enabling innovation that matters for the business. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Learn how much you save with open source.
Find out how much of a financial impact open source can have on your enterprise. Get these tools now, compliments of JBoss. Go!


Buy a Link Now


Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia