Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

New IM Virus

Old 12-06-05, 06:21 AM
  #1  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Jan 2000
Location: Los Angeles, CA
Posts: 3,613
New IM Virus

If you get an IM from a friend on AIM that says something to the effect of "Here's a christmas card for you," then you shouldn't answer it. I have a friend who's known for sending out cards so I clicked on the link. Well, it takes you to a file named "my_christmas_card.scr"

It installed a duplicate "lsass.exe" file into the Windows root folder, installed onto the C: drive two programs "ie.exe" and "temp.exe," as well as installing "cmd.exe.tmp" in the System32 folder.

Norton didn't pick up on any of these viruses. Now Norton's always treated me right, but I'm pretty annoyed that it didn't pick any of this up. I think there's more damage than what's listed above because I'm still having tons of problems. The first problem of course being my stupidity in clicking on the link.

So, be forewarned. Don't go accepting any holiday cheer. And if anyone has any further recommendations for rooting out all the potential damage, that would be great.
tlwizard is offline  
Old 12-06-05, 06:30 AM
  #2  
DVD Talk Limited Edition
 
Join Date: Sep 2000
Location: CT
Posts: 5,177
yeah, i also got one the other day that said something like 'how did your pic get here?' with a link that looked like it was to 'buddypic.com' or something, but i hovered over it to see where it was really going, and it was some sort of file download... didn't click on it, so i'm not sure what the result would have been..

at least it didn't come from kvrdave this time..
mkdevo is offline  
Old 12-06-05, 08:26 AM
  #3  
DVD Talk Special Edition
 
Decadance's Avatar
 
Join Date: Jul 2001
Location: El Paso, TX
Posts: 1,781
Got hit with this twice last night on aim in the form of "Hey this picture looks just like you" and a link to a png file and a "Check out my new picture" with a link to an exe, of course I click on neither but my dumb friends who did kept spamming me with identical ims all night. Curious to see what virus is making the rounds this way
Decadance is offline  
Old 12-06-05, 12:44 PM
  #4  
New Member
 
Join Date: Nov 2005
Posts: 4
which Instant chat programs are effected? msn? Icq?
Zombified is offline  
Old 12-07-05, 06:56 AM
  #5  
DVD Talk Limited Edition
 
Join Date: Sep 2000
Location: CT
Posts: 5,177
pretty sure it's just AIM. my wife clicked on it last night on her computer (grrrr...). wasn't too hard to remove though..

New IM worm chats with intended victims
By Joris Evers, CNET News.com
Published on ZDNet News: December 6, 2005, 5:43 PM PT

You can now instant message with a worm.

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned Tuesday.

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.

The malicious file disables security software, installs a backdoor and tweaks system files, the company said. Then it starts sending itself to contacts on the victim's buddy list.

But the worm is programmed so that the infected user cannot see the messages that are being sent out by the worm, according to IMlogic.

"This is a first," said Andrew Burton, director of product management at Waltham, Mass.-based IMlogic. This worm is not widespread, but attackers are just trying out this new technique, he said. "We will see one or two instances of an attack, there will be a refinement and then there will be an outbreak."

The inclusion of an IM bot is another sign that IM worms are becoming more sophisticated. Another worm, also spotted on Tuesday, takes a more traditional route: it spreads under the guise of a holiday greeting card, IM security specialist Akonix Systems said Tuesday.

The holiday worm, dubbed Aimdes.E, targets AIM users and arrives with the message: "The user has sent you a Greeting Card, to open it visit:" followed by a link. Once the target clicks on the link, the worm installs itself on the system. It opens a backdoor on the computer and sends itself to contacts on the buddy list, Akonix said.

Advice to users is to be careful when clicking on links in IM messages--even when they seem to come from friends--and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.
mkdevo is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.