Your Computer Is Under Attack---LOL

New York Times ^ | Feb. 20, 2006 | Alex Mindlin

[firebrand]

142---Number of unique I.M. viruses in 2004
2,403---number of unique I.M. viruses in 2005

The number of viruses transmitted through instant-messaging software surged in the last year. . . .

Such viruses typically arrive in innocuous-looking messages, ostensibly from an I.M. buddy, [urging] the recipient to download software that turns out to be malicious.

[E]-mail inboxes are increasingly well protected against viruses, forcing hackers to look at other modes of transmission. . . .

Another innovation last year was the first talking I.M. virus, which chatted with its targets. . . . [O]ne of its favorite phrases was "lol that's cool."

[hamboy]

I use Red Hat's Fedora desktop OS with almost everything, e.g., M$ Office equivalent, Limewire, etc. I don't worry anymore.

[ShadowAce]

[HOTTIEBOY]

[Egon]

You're protected by AngelFire??

[Doohickey]

Limewire

At least you feel like you can steal in relative safety.

[firebrand]

Well, of course. I don't buy it. I read it to keep my blood pressure from getting too low.

[Turbopilot]

These things are annoying, and easy to fall for. You'll get an IM from someone on your buddy list with a message like, "Hey, man, check out these pics I took of us." The link will be to a file named something like "img00213.jpg.com", which of course will usually display as just img00213.jpg on a lot of systems. So you innocently click your friend's link, and you're infected. "You" (rather, your screen name) then sends that same text message with the malware to everyone on your buddy list, which is how it propagates.

I use a product from Zone Labs (maker of the popular ZoneAlarm firewall, which I also use) called IMSecure. The free version is fairly limited, but it will encrypt conversations (if both parties have the software) and automatically filter out links. This filtration is cruder than the pay version, which I understand will actively determine whether a link is malicious, but as kind of an experiment I avoid paying anything for my security. If someone wants me to turn off that option and send me a link, they have to tell me in advance, so I know it's legit.

[zeugma]

The link will be to a file named something like "img00213.jpg.com", which of course will usually display as just img00213.jpg on a lot of systems.

You'd think that by now MS-Windows would display the complete file name.  They are eventually going to have to do something about allowing files to execute based on extension name too. That's just asking for trouble.

[When_Penguins_Attack]

These things are annoying, and easy to fall for.

two words:

gaim
kopete

[postaldave]

i was thinking the same thing, a .com file wouldn't work with gaim would it?


for you non techs out there .com is also a program file like .exe. it is old school dos crap and would still works on XP.

hint:under tools in explorer you can turn off "hide know extensions" to see what files really are.

[Ed_in_NJ]

Big new threat is Google Desktop 3 -- anyone not familiar with its operation should 'read before buying.' It can expose all your files to the world.

[Centurion2000]

bump for later

[MizSterious]

You can actually configure your computer to do that. Go to "My Computer" and click on "Folder Options." From there, look for "Hidden Files and Folders." Unclick the option "Hide extensions for known file types." Personally, I can't imagine why anyone would want to hide that kind of information.

[Turbopilot]

Well, it is an option that can be set or unset in Windows, although it defaults to not displaying extensions for known file types. I have it unset on my computer, and I'm not actually sure what the point of hiding the extensions is.

I should have been a little more clear; in this case it's a simple matter of HTML. Typing "<a href="http://www.badwebsite.com/virus.com>http://www.safepicturewebsite.com/img01234.jpg</a>" will display http://www.safepicturewebsite.com/img01234.jpg but clicking on it will actually run virus.com from http://www.badwebsite.com. Unless you think to right-click on the link and look at its properties, you don't know you're clicking on a malicious link.

[Turbopilot]

I first thought you were insulting me in a foreign language :-p

It looks like both those products are written for Linux. Is there a similar "generic" AIM client for XP that has higher protection levels?

[Calvinist_Dark_Lord]

GAIM also exists for Windows. i use it when i'm on Windows XP. (not much these days).

[hamboy]

Angelfire, lol. I was just gonna put the animated dancing pengiun.

[zeugma]

Ya. I'm aware of that. It's the first thing I do when someone suckers me into doing something with their windows computer. One would think by now that one of those monthly defect fixes Microsoft releases would set this to be default behavior. I mean, we know that it is a serious problem, and sets people up to do stupid things. Why not have it safe by default, rather than the opposite. Oh, yeah. I forgot I was talking about Microsoft for a moment. Never mind.

[Ernest_at_the_Beach]

News - Gaim

A Linux/UNIX instant messenger client, which can handle multiple protocols, including AIM, ICQ, Yahoo!, Jabber, and Gadu-Gadu.
gaim.sourceforge.net/ - 14k - Cached - Similar pages
SourceForge - Downloads - FAQ - Screenshots
More results from gaim.sourceforge.net »