Viruses wiggle into IM chats

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1005-200-6873022.html?tag=lh

By Jim Hu
Staff Writer, CNET News.com 
August 14, 2001, 12:45 p.m. PT 

Corey Bates was chatting on his MSN Messenger recently when his high
school buddy Trey sent him a winking-face icon. Then Trey sent him
another icon. Then another.

Bates, an 18-year-old who will start his freshman year at Oklahoma
University this month, knew it was uncharacteristic of Trey to flood
him with winking faces--a popular "emoticon" used to color text-based
IM conversations. His suspicions grew when the alias
"george.w.bush () whitehouse gov" suddenly flashed on his screen along
with an invitation to accept an attached file called "choke.exe."
Unlike his friend, who obviously had been bitten by a virus, Bates
knew better than to accept it.

"I was like, 'What the heck? Something is wrong,'" Bates said in an IM
exchange with CNET News.com on Monday.

Having long targeted e-mail with sometimes devastating effects, virus
and worm creators are setting their sights on IM services. Infected
files, for example, have been burrowing their way slowly through
Microsoft's MSN Messenger network over the past few months.

Discovered by virus hunters in late June, the so-called Choke worm
marked the second attack aimed at MSN Messenger in as many months. In
May, the service was struck by the W32/Hello worm. Security experts
said they are as yet unaware of any virus attacks that might have
targeted AOL Time Warner's AOL Instant Messenger (AIM) and ICQ or
Yahoo's Yahoo Messenger.

Virus writers in search of the biggest bang for their bugs have
targeted various types of networks, including peer-to-peer file
exchanges and wireless Web systems. None have proven as effective as
e-mail, however, where some viruses have rapidly gained the force of
an avalanche through large corporate e-mail systems. Once a virus is
activated, it can shoot itself out to everybody in a victim's address
book, leading to an exponential growth rate.

IM viruses discovered so far have been relatively innocuous compared
with virulent e-mail-borne infections such as the Love Bug, Anna
Kournikova and Melissa.

"E-mail is still the most effective way to get viruses around," said
Richard Smith, chief technology officer of the Privacy Foundation.

Nevertheless, some computer security experts say it is only a matter
of time before similar outbreaks plague IM services.

Already, millions of people on the Internet communicate through
instant messengers, which let people exchange text messages in real
time and have become some of the most popular features on the
Internet.

Corporate acceptance?

Instant messaging has yet to gain an official foothold in many
corporations, but that is likely to change. For example, Microsoft's
upcoming Windows XP operating system will add new features to its
instant messenger that may be attractive to corporations, such as
document sharing and video conferencing.

"As more people migrate to XP, there is an increased risk because it
becomes an attractive element for a virus writer," said Vincent
Gullotto, the senior director of McAfee's Avert group.

In addition, computer security experts said they are particularly
concerned because few defenses have been developed to protect IM
networks from viruses.

"One of the interesting aspects of instant messaging viruses is most
antivirus products don't necessarily stop them," said Elias Levy,
chief technical officer of SecurityFocus.com. "There are antivirus
products that attempt to detect e-mail messages, but I don't know of
any that will support instant messaging protocols."

Microsoft urges defense

In response to the Choke worm and other potential viruses sent through
its IM systems, Microsoft believes the user is the first line of
defense.

Like other viruses propagated through e-mail, Choke is contained in an
attachment. Once opened, Choke can send itself out to people on one's
MSN Messenger buddy list, increasing the chances that someone else
will open an infected file and repeat the cycle.

That means people can prevent its spread with a little common
sense--for example, by treating attachments sent by strangers with
caution.

"An MSN Messenger user needs to go through a few steps, which include
warning messages, in order to receive and download the file," said
Sarah Lefko, an MSN product manager. "Then, the user would have to
actually double click and execute the file itself in order to
propagate the virus."

Lefko said Microsoft has issued an alert on its MSN Messenger site.

MSN's service competes with the two largest IM services, AIM and ICQ,
which are owned by AOL Time Warner. That company's America Online
service, which runs the instant messengers, has been the target of
hackers and scammers trying to steal passwords and credit card
numbers.

A spokesman from the company's AOL division said security measures are
used for the IM services but would not go into detail for fear of
tipping off virus writers. Since e-mail and instant messaging run on
separate systems, AOL must develop separate security measures.

"Both systems have security measures built into them," said Andrew
Weinstein, an AOL spokesman. "But the systems are obviously designed
for the needs of each product."

For now, security experts appear to be hedging their bets, warning of
the danger without predicting the imminent arrival of an IM Love Bug.

"If history tells us anything, technologies used by many people can be
used by other people on the fringes," said Steve Trilling, director of
research at Symantec's antivirus research center. "From a security
perspective, it's of immediate concern. But at this point it's
difficult to say what sort of problem this will become down the road."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.