Pipeline Worm Floods AIM With Botnet Drones 196
Several reader write about a new AIM threat
dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."
Re:Good thing it's AIM ... (Score:2, Interesting)
Re:And the lesson is... (Score:4, Interesting)
Don't worry. I'm sure everyone there has installed AIM on their computers without letting the IT department know.
Re:And the lesson is... (Score:5, Interesting)
Many, many companies block AIM at the firewall. Ask at your next interview.
There is more wrong with the above scenario than just that. Blocking AIM is usually what happens at two kinds of companies, those that somehow think it will help productivity and those who are security paranoid. At the former, the working conditions probably suck. At the latter, a competent admin will have a Jabber server that connects to AIM and filters for malware. Otherwise, technical employees are likely to bypass security by SSH tunneling their IM communications, which is a risk in and of itself.
The other thing wrong with this is paying for a propriety IM solution instead of going with a free, open, standard, interoperable, secure Jabber server. With jabber you can chat with any other Jabber server using a variety of clients on a variety of platforms. Internal communications are fully internal, running on your own server. External communications can be encrypted. Any company that pays for some other, proprietary IM server is probably run by incompetents and should be avoided.
Re:i love it... (Score:2, Interesting)
Re:And the lesson is, don't use omnipod, use jabbe (Score:5, Interesting)
ur users do actually get alot of latitude with thier machines (programming shop, they have to have it) but there are certain things we do not allow. Public IM networks are one of them.
Having worked at a number of programming shops, that doesn't sound like a lot of latitude to me. If you can't install arbitrary software because of an AD policy and you audit people's machines it sounds like a very authoritarian place that does not trust the workers very much. Here we get a choice of computer brand (1 of 3), laptop or tower, any OS we want, and any software we feel like. We're also responsible for keeping our machines moderately secure. We have internal IRC servers and any IM we want is fine. Shop talk is encrypted by policy, either over Jabber or on top of a public network like AIM.
I think it is pretty darn useful. I have a lot of friends and colleagues on both of the aforementioned IM networks who I regularly consult and vice versus. This provides me with an additional resource as well as makes for a more relaxed atmosphere, like when I want to see if my girlfriend wants to meet me for lunch, or just want to chat with old college buddies. I think the fact that my company trusts me is a lot more valuable than tight security policies. Most serious compromises come from within. Because they trust me I'm happier and I'm also a lot less likely to sell them out. Contrary to what you may have heard, studies show the most effective motivation for not exploiting an employer is not fear of punishment or being fired or jail, but an ethical desire to not hurt those who trust you. If your company does not trust you (audits, arbitrary restrictions) then that motivation is removed.
Re:Simple risk mitigation (Score:3, Interesting)
The kids will often need to use MyJal to download ringtones into their Nextel's. Could probably get this working under Wine, but haven't tried yet.
And everyone uses Pogo games, some work under Firefox but some don't.
But slowly I'm getting everyone switched over. I've already set up a thin client (LTSP-based) system using an old cyrix system, which runs a desktop off the main server. Everyone will use this secondary system when the Windows box is "acting stupid" as they put it. So far, it is working for almost everything, but not quiet there yet.
Re:And the lesson is, don't use omnipod, use jabbe (Score:3, Interesting)
Funny, I thought that when I was sitting at my desk, I was at work. What I'm actually doing at my desk has nothing to do with whether or not I am at work.
Oh, and by the way, open your eyes and read this:
What's Next: Stupid Productivity Tricks [inc.com]
You say you don't care if people walk around for a bit? Eat your words:
"recreational Web surfing has become a kind of mental floss for workers who spend their days sucking in a stream of work-related data that now comes in at a firehose pace--it's the information age equivalent of a walk around the block."