
IM Worm Attack Cloaked in Virtual Card Hoax 31

Posted by CowboyNeal
from the giving-props dept.
An anonymous reader writes "There's a new Instant Messaging Worm on the loose that is wrapped up in more than a few interesting twists. The people behind the infection lure users in with a message on a Russian hosted website claiming to have 'a virtual card for you' — a reference to the famous Email hoax listed on Snopes and numerous other web hoax sites. At the point of infection, the worm opens up a picture of a heart (from a site called Quatrocantos.com that tackles web scams on a daily basis) — this picture itself related to a different 'virtual card' hoax from 2002. Bearing in mind the people behind this attack are deliberately serving up an image from a 'good guy' website related to virtual card hoaxes, the question is — are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?"
This discussion has been archived. No new comments can be posted.

  • All of it. (Score:2, Insightful)

    by Abreu (173023)
    are they attempting to create a real life infection out of a web-based piece of lore, making a calculated move to tie this attack into numerous Web hoaxes, possibly to confuse infected users looking for help online or simply having a little fun at the good guy's expense?

    All of the above?
  • Stupid (Score:4, Insightful)

    by Dan East (318230) on Saturday September 23, 2006 @10:00AM (#16167151) Homepage Journal
    It's rather stupid for them to link to an image out of their control - especially considering it is hosted by their "enemy". Now Quatrocantos can change the image to display a warning that the user's computer was infected. I think that is more of an insult to or vendetta against Quatrocantos than it is some sort of cloaking or other intelligent design.

    Dan East
    • If they can infect several thousands of systems within the first hour or two, maybe that's good enough to suit their purposes. Some of the email virus or network worm propagation techniques were "stupid" in the sense that they could be easily blocked -- once people knew how it worked. The TFTP callback used by several different worms springs to mind, very easily blocked with a filter rule in a router. In the first few hours, however, hundreds of thousands of systems were infected. Stupid is as stupid do
  • All kinds of viruses, trojans, and worms that we hear about on an almost daily basis now are nothing new and if you notice the articles they normally do not claim they are. Trojans going around on MSN, AIM, Yahoo!, Jabber, IRC, E-mail, Microsoft Messenger, Randor random web searching, or anywhere else have been around for many many years now. Is this even newsworthy? In my opinion it is not.
  • ...or for anyone else who's checked the contents of their spam folder lately. I've been getting announcements that "you've been sent an e-card" with a link to an .exe on a bare IP address or a foreign site with a nonsensical DNS name for... years? Many months, definitely.
    • by RKBA (622932)
      Very true. There is no way to protect fools against themselves. What's really funny is to receive an email embedded with HTML and various images in Thunderbird. It just shows image "placeholders" all over the place and some of the raw HTML, har, har. The only thing that gets through is plain ASCII text. :-)
  • by Sloppy (14984) on Saturday September 23, 2006 @11:53AM (#16168001) Homepage Journal

    Hostile code was sent to prospective victims, in the hopes that they would either be dumb enough to run it, or dumb enough to run client software that "helpfully" runs it for them. Of course, the hostile code should be run without any sandboxing, with all the same capabilities as the victim.

    Now take this template, and fill it in with irrelevant and uninteresting details. Maybe the hostile code poses as something the victim has seen before. Maybe stress how amazing it is that people still fall for it. Maybe stress how amazing it is that people still run client software that supports easy execution of hostile code. Maybe leave all this out, so that the victims' ignorance isn't mentioned and therefore the hostile code sounds all the more threatening -- i.e. IT COULD HAPPEN TO YOU, SO YOU BETTER BE SCARED (small print: if you're a fucking idiot who hasn't learned anything in the last decade or so). Now your article is ready to be submitted to Slashdot as a major story.

    • by Anonymous Coward
      i love the consistently asshole-ish comments when a story about a virus/worm/trojan/whatever hits windows.

      "small print: if you're a fucking idiot who hasn't learned anything in the last decade or so)"

      well done professor internet, what a pity that there are INDEED "fucking idiots" who will click on pretty much anything put in front of them. I've no doubt quite a few of these net noobs will stumble upon that article (or others like it) and happily avoid infection.

      the thing that makes the writeup interesting,
      • by Sloppy (14984)

        what a pity that there are INDEED "fucking idiots" who will click on pretty much anything put in front of them. I've no doubt quite a few of these net noobs will stumble upon that article (or others like it) and happily avoid infection.

        Or they can read the article template, and as soon as they realize "hey wait, the malware spreaders will try to trick me by making malware appear unthreatening?" then they'll happily avoid infection forever because they'll begin a policy of not executing whatever arbitrary c

  • Given that there are direct references to two different virtual card hoaxes in the "attack" itself maybe everyone's looking at it from the wrong slant...

    My gut reaction is that this is some (extreme) degree of internet art. This article [about.com] about hoaxes being essentially viruses in and of themselves says a lot about what may have motivated this particular form of expression.

    Maybe whoever made this virus was making a statement about what is "known" (What is well known not to be a virus). They may have al
  • This news is a bit stale - the attack started several weeks ago, and most AV vendors detect the binary in question..
  • When you send an eCard to someone, you have to submit your email address and the email address of the recipient... and guess what - the eCard providers sell these email addresses to spammers! - surprise surprise! Did you think they had done the programming work and offer the service and their traffic for free?
  • I was interested as to whether there was anything new to learn about this attack that would make me safer in the future. I use all the operating systems because I can write programs for all of them. Each has its benefits and its liabilities. Reading through these responses was a complete waste of time and used up today's quota of time for reading /.
  • Much of the work done by several programs is invisible to the user. People behind it attempt to attack dumb users by hiding themselves behind this 'good guy' image. User absolutely has no idea of what they had received by accessing all the files, programs and webpages. Then the virus attacks everything the infected user touches. Moral of the story: "Update the antivirus regularly to detect any 'malicious thingy' and ignore spam emails."
  • Come on... of course viruses are always on the loose... that is why there is a thingy that is called 'antivirus'. It could check if there is any error in the system. So... update your antiviruses...
