Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

New IM Worms Hit MSN Messenger
TechWeb News ^ | March 07, 2005 | Gregg Keizer

Posted on 03/07/2005 3:27:17 PM PST by RebelTex

New worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version -- via links to a malicious site are infecting users and leaving their PCs open to hacker hijack, security vendors reported Monday. The new worms, tagged as Kelvir.a and Kelvir.b, appeared over the weekend and on Monday, respectively, anti-virus vendors said. Both use the same mechanism to attract users and infect Windows-based PCs: they include a link in the instant message. That link, in turn, downloads a malicious file -- the actual worm, a variant of the long-running Spybot -- which opens a backdoor to the compromised machine.

Kelvir spreads by sending itself to all the MSN/Windows Messenger contacts on the infected PC, and poses as cryptic messages such as "lol! see it! u'll like it!" and "omg this is funny!" The link opens a .pif-formatted file.

.pif files are also often a format-of-choice for mass-mailed worms.

Also on Monday, another worm -- dubbed Sumon.a by U.K.-based Sophos -- was discovered spreading via MSN/Windows Messenger. Sumon, which propagates over peer-to-peer file-sharing networks as well, is much more aggressive. It disables a long list of security software, tries to overwrite the HOSTS file so commonly-accessed security Web sites can't be reached, and picks from a large number of links, including "Fat Elvis! lol!" and "Crazy frog gets killed by train!" to entice downloads.

(Excerpt) Read more at techweb.com ...


TOPICS: News/Current Events; Technical
KEYWORDS: computersecurity; email; exploit; hack; hacker; instantmessenger; internetexploiter; lookoutexpress; lowqualitycrap; messenger; microsoft; securityflaw; virus; windows; worm
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-76 next last
Here we go again. More stupid stuff to worry about. I'm beginning to get annoyed by these hackers and crackers. Maybe we should add them to the terrorists most wanted list.

(Yeah - I know, get an Apple or install Linux. No time to learn a new system - stuck with XP.)

The last paragraph in the article offers a website with a free download of an IM Detector.

"IMLogic runs the IM Threat Center, a site that, in cooperation with anti-virus vendors including Symantec and Sophos, has been listing emerging IM and P2P exploits since December, 2004. The company also offers a free IM threat analyzer, called IM Detector Pro, for download from its site."

1 posted on 03/07/2005 3:27:20 PM PST by RebelTex
[ Post Reply | Private Reply | View Replies]

To: RebelTex

oops - forgot the link to the IM Detector website.

http://www.imlogic.com/products/im_detectorpro.asp

There ya go - let me know if anyone trys it and it's any good.


2 posted on 03/07/2005 3:29:49 PM PST by RebelTex (Freedom is everyone's right - and everyone's responsibility!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex

Run AMSN instead -> http://amsn.sourceforge.net/


3 posted on 03/07/2005 3:29:50 PM PST by Brian328i
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex

Crapppppppppp! My kid is home for spring break bump.


4 posted on 03/07/2005 3:30:12 PM PST by freeangel ( (free speech is only good until someone else doesn't like what you say))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Brian328i
"Run AMSN instead -> http://amsn.sourceforge.net/"

Very good suggestion!

5 posted on 03/07/2005 3:33:47 PM PST by KoRn (~Halliburton Told Me......)
[ Post Reply | Private Reply | To 3 | View Replies]

To: RebelTex; HAL9000; Mo1; Howlin; cyncooper; BillF; Vision; MD4Bush; NCPAC

PING.


6 posted on 03/07/2005 3:35:49 PM PST by conservative in nyc
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex
I'm beginning to get annoyed by these hackers and crackers

Yeah, the legal system is too good for them. I wouldn't be upset with a little street justice.

It's like someone tries to break into your home, so you install a security system. They come back, you add more security. They come back, you add even more security.

At some point you just want to beat the crap out of them.

7 posted on 03/07/2005 3:37:15 PM PST by Flyer (That flight attendant is not missing playing below the bridge at this exact moment)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex

Just sent my son an IM telling him not to click on links... and provided a link to the warning site.

This will be interesting to see how he reacts.


8 posted on 03/07/2005 3:38:05 PM PST by Paloma_55
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex

bump to do later this PM. Thanks for the information


9 posted on 03/07/2005 3:39:52 PM PST by engrpat
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex
No time to learn a new system - stuck with XP.

Migrating to Mac takes a lot less time that continually dealing with Microsoft viruses, worms and spyware. Windows is the ultimate time waster.

10 posted on 03/07/2005 3:40:03 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RebelTex
the actual worm, a variant of the long-running Spybot

UH OH.

Does that mean if 'you' have downloaded the spybot 'detection program', that 'you' have downloaded a worm/virus/bug/etc???

11 posted on 03/07/2005 3:40:51 PM PST by mommadooo3
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

MSN Virus ping


12 posted on 03/07/2005 3:43:23 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paloma_55
telling him not to click on links... and provided a link to the warning sit

Laugh!

Catch 22.

13 posted on 03/07/2005 3:43:31 PM PST by Flyer (That flight attendant is not missing playing below the bridge at this exact moment)
[ Post Reply | Private Reply | To 8 | View Replies]

To: RebelTex
(Yeah - I know, get an Apple or install Linux. No time to learn a new system - stuck with XP.)

Some of us have similar situations, and don't have the luxury of ditching Windows. After last July's nasty hijacker, I tried Mandrake 9... until the wife-unit turned on me. She uses Win2K at work and brings piles of it home. That, plus hardware problems, made it just not worth it.

14 posted on 03/07/2005 3:43:58 PM PST by backhoe (-30-)
[ Post Reply | Private Reply | To 1 | View Replies]

To: freeangel
"Crapppppppppp! My kid is home for spring break bump."

LOL - maybe you could try:
1. Make the computer off limits (yeah, right).
2. Upgrade to a new system, but don't open the box until spring break's over (yeah, right).
3. Threaten to take away the keys if... (wait, that's the car - nevermind).
4. Reformat the hard drive and reinstall (yeah, right).
5. Disconnect the cable or modem or don't pay the ISP, they'll disconnect for you, (yeah, right - and be without FR until break is over? - nah).
6. Take a vacation without the kids, but take your computer with you (yeah, right).

Well, I tried - can't win them all.

15 posted on 03/07/2005 3:51:24 PM PST by RebelTex (Freedom is everyone's right - and everyone's responsibility!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: RebelTex
Me? I like a virus that makes my computer freeze up like a rasberry smoothie.

LVM

16 posted on 03/07/2005 3:53:21 PM PST by LasVegasMac ("God. Guts. Guns. I don't call 911." (bumper sticker))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Brian328i; KoRn
"Run AMSN instead..."

Does that run on WinXP?  And does it use any core messenger technology?

I don't IM anyway, so I'm not too worried about this threat.

Thanks, anyway.

17 posted on 03/07/2005 3:54:54 PM PST by RebelTex (Freedom is everyone's right - and everyone's responsibility!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: RebelTex
More stupid stuff to worry about.

Install an antivirus program or better yet, an internet security suite; keep it up to date using the auto update feature; and configure it to scan instant messages, as well as every file you open. I can't guarantee that you will never get a virus, but you will have to work pretty hard to get one.

Of course if we all went out and brought an Apple or used Linux and Firefox, then we would be immune to viruses, at least until Apple, Linux, and Firefox capture enough market share to make writing viruses for those OS's and applications worth the effort. I guess that's one of the really good things about marketing a product that relatively few people want or use or even know or care about.

18 posted on 03/07/2005 3:54:56 PM PST by Labyrinthos
[ Post Reply | Private Reply | To 1 | View Replies]

To: Flyer
"At some point you just want to beat the crap out of them."

Ain't that the truth.

19 posted on 03/07/2005 3:56:07 PM PST by RebelTex (Freedom is everyone's right - and everyone's responsibility!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: RebelTex

I use Trillian for all of my IM programs. I wonder if it will block this from happening....


20 posted on 03/07/2005 3:58:08 PM PST by Jackknife (No man is entitled to the blessings of freedom unless he be vigilant in its preservation.-MacArthur)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-76 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson