----- Original Message -----
From: "Parker" <parker@xxxxxxxxxxxxxxxxxxxxxx>
To: "Internet News" <inter@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, November 01, 2005 8:12 AM
Subject: Internet and Technology News Worm affects AOL instant messages
BBC NEWS
Worm affects AOL instant messages
Users of America Online's instant messenger are being warned about a worm
spreading
via the chat network.
The Windows worm installs spyware programs and turns over control of the
machine
to the creator of the virus.
Studies show that malicious programs designed to attack instant message
networks
have grown dramatically over the past 12 months.
But some security firms say the threat to users of these chat systems is
still relatively
low.
Growth factor
The warning about the instant messaging worm came from FaceTime Security
Labs which
said that the program is a nastier variant of an older Windows virus.
As well as installing lots of software that will mean infected users get
bombarded
with pop-up adverts, the SDbot variant also includes a chunk of software
known as
a root kit.
This means that the virus can hide deep inside the Windows operating system
and makes
it hard for anti-virus programs to detect and remove it.
The code included in the worm turns compromised machines into proxies under
the remote
control of a virus writer so they can be used to attack other websites,
relay spam
or as a store for pirated or illegal data.
Figures gathered by instant messaging security firm IMLogic suggest that the
numbers
of viruses written to attack such networks are growing fast.
In the 12 months since September 2004, there was a greater than 2000%
increase in
the number of viruses reported that attack instant message and peer-to-peer
networks.
Sean Doherty, a spokesman for IMLogic, said that all the attacks it was
seeing were
clearly being done by attackers looking to make money.
Most of the worms seek to install spyware, unwanted pop-up ad programs or
try to
use the machine as a base for other activities.
"It's much more the economic crime aspect of it," he said.
Almost all the attacks revolved around making someone visit a website to
download
a program that hides its true intent, said Mr Doherty. Once these programs
were installed
they scoured "buddy lists" for new victims to infect.
Because instant messages have no subject line and tend to resemble
conversations,
people are regularly caught out by malicious messages that hide their
origins.
"Users are much more likely to click on web links in an instant message than
in an
e-mail," said Mr Doherty.
Viruses and worms written for instant message networks tend to spread
quickly once
they penetrate an organisation.
"It's like a social network effect once one person has become infected," he
said.
"Once it enters an organisation we are seeing the peak of infection about 20
minutes
later.
Dmitri Alperovitch, a principal research engineer for computer security firm
Ciphertrust,
said stopping IM viruses spreading can be tricky.
"A lot of organisations have no control over that traffic," he said. "It
bypasses
all their security appliances and goes right into their organisation."
Threat assessment
Virus writers like instant message networks because they have many utilities
associated
with them that help people collaborate on projects and documents. Many of
these are
easy to subvert to put a machine under someone else's control.
Despite the growing threats, the number of viruses written specifically for
instant
messaging networks is very small compared to the mass targeting e-mail.
IMLogic records that there are 713 unique threats that target instant
messaging and
peer-to-peer networks. By contrast there are tens of thousands of e-mail
viruses.
What is helping to limit the spread of IM viruses is the fact that the
companies
behind the bigger networks (Microsoft, Yahoo and AOL) have kept them as
walled gardens.
As a result a virus written for one network cannot instantly leap to
another.
"They are different systems that are fundamentally separate," said James
Kay, chief
technology officer at security firm BlackSpider.
But, he added, that most customers were more worried about spam and viruses
for ordinary
e-mail than they were about the threats coming in via instant message
networks.
The number of incidents that BlackSpider customers were reporting was very
low, said
Mr Kay.
"The customer pull really is not there yet," he said.
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/4393824.stm
Published: 2005/11/01 09:31:53 GMT
© BBC MMV
We supply this information as a service and do not endorse it or recommend any action being taken based upon it. Any decisions taken, by the subscriber, are entirely your own responsibility. This is an announce only list. All replies will go only to the list moderator. To unsubscribe from this list, press Enter on the link below. A pre-addressed message will pop up, simply send it. mailto:inter@xxxxxxxxxxxxxxxxxxxxxx?subject=unsubscribe If you wish to recommend this list to a friend, send the following link to them. mailto:inter@xxxxxxxxxxxxxxxxxxxxxx?subject=subscribe We hope that you're enjoying this list. www.accessible-devices.com
__________ NOD32 1.1269 (20051031) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
