Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

New Worm Starts Munching MSN Users 168

Kosmik writes "It appears that MSN has been struck by a vindictive new worm, according to security company Panda Software. The worm, acting in the vein of movies like the Ring and FearDotCom, delivers a fateful terror message and then proceeds to disable most of your protection software like anti-virus,firewalls and even your Windows control apps (TaskManager, Regedit). It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'"
This discussion has been archived. No new comments can be posted.

New Worm Starts Munching MSN Users

Comments Filter:
  • GAIM (Score:3, Insightful)

    by eldavojohn ( 898314 ) * <eldavojohn&gmail,com> on Thursday June 15, 2006 @09:43AM (#15539895) Journal
    So I connect to the MSN network but through a nice free little app called GAIM [sourceforge.net].

    My friends often try to send me files or pictures or videos through the MSN network and it doesn't work. They get annoyed and tell me to "just use MSN." I'm told that GAIM is stupid & crappy for not supporting these features.

    Really makes you wonder if the people who developed gaim couldn't figure out how to make the videos/pictures stream through the chat box ... or if it was a design decision by choice to avoid hidden viruses that the codecs unpack in the media files. Probably the latter.

    GAIM also works on a number of other chat networks--as chat clients should. Another thing about chat clients is that they should stick to limited functionality. There are way more secure ways to transfer files. I don't want a profile, I don't want it integrated with my operating system (married to the kernel), I don't want media streaming, I just want to chat.

    Don't bloat your software.
    • Miranda (Score:2, Informative)

      Or on windows, you could try Miranda
      http://www.miranda-im.org/ [miranda-im.org]
    • Re:GAIM (Score:5, Informative)

      by CSZeus ( 593470 ) on Thursday June 15, 2006 @09:46AM (#15539922)
      Seeing as Gaim is in the process of working on what they call their vv module (the v's standing for voice and video), I don't think it was as much of a security-driven choice as it was a time-driven choice. That or they've had a change of heart, whichever you deem more likely ;)
      • Except vv GAIM hasn't been worked on since 2005, dropped by decision.
        • Re:GAIM (Score:5, Informative)

          by CSZeus ( 593470 ) on Thursday June 15, 2006 @10:14AM (#15540177)
          "Gaim 2.0.0 beta 2 does not include voice or video ("vv") support for any protocols. We've done some work toward vv compatibility for Google Talk, but it isn't ready for the general public yet. It is unlikely this will change for the final release of Gaim 2.0.0, but vv will be a primary focus for the next major release of Gaim after that." (emphasis mine) As per their news page circa January, 2006 (link [sourceforge.net])
    • Even if you don't use GAIM (although I do), you need to be aware to: a) not click on random links b) disable running .com, etc files from your browser c) realize that your friends usually mention something about a link they send...see a) It is just a common sense thing, just like how to drive safely, cook safely, or even eat safely (if theres a razor blade in it, don't eat it). Educating the public is cheaper than patching the problem. Or in proverb form : "An ounce of prevention is worth a pound of cure.
      • Re:GAIM (Score:3, Insightful)

        by compro01 ( 777531 )
        Educating the public is cheaper than patching the problem.

        you obviously under-estimate the difficultly of educating the average computer user.

        here's a little proverb in reply "Ignorance can be cured, but stupid is forever."
      • It is just a common sense thing, just like how to drive safely
        Yep, we're doomed.
      • Educating the public is cheaper than patching the problem.

        You've obviously never tried educating the public.

        According to your logic, MS shoud stop poking at Vista and just start some kind of "educating the masses" campaign to try and contain the proliferation of malware. I wish them good luck with that.

        Between patching the problem (once) or educating the public (hundreds of thousands of times, if not millions, not to mention often several times with the same boneheaded individual), I know what I'd pick...

    • You can send files and pictures over Gaim's msn system, but it is just so fucking slow because it has to send to Microsoft's servers and then to the other person, rather then peer to peer. If it's not working at all for you, I think you'd need to open up a port on your router.
    • Trillian is another popular choice, although if you want Google Talk/Jabber and plugin functionality you have to shell out a few extra $$$. Even though I have I'm still looking at Miranda... the latest alpha looks nice.

      The most annoying thing about this though is that some of the protocols don't support buddy list groups, or at least Trillian doesn't, because if I connect to my accounts from another computer with Trillian or from another OS, my groups pretty much explode. It's very annoying. I don't th

    • I also use gaim. It manages to stop the most the AIM hijacks I've encountered over the years as well. And NO TARGETED advertising from using GAIM. Great software.
    • Re:GAIM (Score:2, Insightful)

      by Krojack ( 575051 )
      BTW the file sending does work.. Its just slow as crap because GAIM somehow can't do a client-to-client direct connect and must send the files throuh the MSN servers. This causes all file transfers to run = 5k/sec. From what i read it will never support the direct connect. I don't get it and I'm no C programmer but I think its annoying. However the other features in GAIM out weight all other reasons for using MSN MEssenger.
      • Re:GAIM (Score:3, Informative)

        by FireFury03 ( 653718 )
        From what i read it will never support the direct connect. I don't get it and I'm no C programmer but I think its annoying.

        Direct client-to-client connections is fraught with firewall/NAT traversal problems. That said, Jingle and SIP support both require client-to-client RTP connections (NAT discovery is done through STUN), so it's possible direct file transfer will be implemented then.
        • Or, just get IPv6 to work. It's a panaceum for all NAT-related problems -- it fixes them by just removing the damn thing and restoring IP to work the way it was designed.

          Having a dumb ISP is not an excuse as long as you have a public IPv4 address; googling for "6to4" will tell you what to. And if you're an ISP, slap a radvd on your network, please.

          Hell, every transitioned user is a step towards getting rid of IPv4, and that's a noble deed.
          • Re:GAIM (Score:3, Interesting)

            by FireFury03 ( 653718 )
            Or, just get IPv6 to work. It's a panaceum for all NAT-related problems -- it fixes them by just removing the damn thing and restoring IP to work the way it was designed.

            I already have an IPv6 network - have done for years. But you don't actually expect a clueless MSN user who wants to send you a file to have IPv6 do you? Also, if you want to do SIP you have the problem that one of the more major VoIP projects, Asterisk, has no support for IPv6 at all.

            Hell, every transitioned user is a step towards gettin
            • Re:GAIM (Score:3, Informative)

              by Solosoft ( 622322 )
              I wrote up a little thing on setting up IPv6 using Hurricane Electrics Tunnel broker. It uses RADVD and a little script I assmbled up, works like a charm.

              Here is the page on using a WRT and DD-WRT for IPv6 [solosoft.org]

              Of course if I wasn't so lazy I would have a completed guide on setting that up without Samba ... you can of course simply take the script and put it in the nvram (minus the comments of course) and it works just the same. Ive been using it on a tunnel now for a few months and have had 0 problems. All
    • Re:GAIM (Score:2, Informative)

      You make good points, but you missed a few things.
      First of all, GAIM should try to support the features that the native client supports. It's designed to be a total replacement solution, so intentionally leaving features out is a no-no. However, GAIM is a plugin-based program, so if the dev team wants to keep the focus of the development on the core functionality and leave it up to the community to develop a file transfer plugin, that would be OK too.
      Next, the idea of a native client supporting more than
    • by SmallFurryCreature ( 593017 ) on Thursday June 15, 2006 @10:16AM (#15540197) Journal
      As far as I read it this doesn't have anything to do with "bad security" just "bad users". You have to download the code and execute it.

      Lots of people complain that P2P is unsafe because it carries virusses and what not. So how come I have never been infected?

      Obvious it is because of my enormous intellect that makes einstein look stupid and think that a 15mb .exe files claiming to be a movie is suspicious.

      Yes granted the recent WMF crap showed us that if you use MS software any file extension is under suspiscion and the design choice by MS to hide the extension by default must rank as one of their most stupid one (then again this is ms, they make so many it is hard to determine wich one was their worsed).

      But GAIM does not protect you from being stupid. Nothing does. Just that if you went through the trouble of installing GAIM on a Non-MS machine, or if you are on a MS-machine deliberatly disabled MSN and installed GAIM, then you are probably not that stupid.

      It ain't GAIM that is keeping you safe, it is your brain. Trust me on this, I been around long enough to know people will do anything to get infected. Just promise them a juicy picture. We have about the same chance of stopping computer infection as we have of stepping Sexually Transmitted Diseases. When Miss Jpeg flirts with you, you don't think of using a condom. (Oh and using a condom isn't enough, deep kissing can do it too. How many of you practising safe sex make sure no fluids whatever are swapped?)

      • It ain't GAIM that is keeping you safe, it is your brain. Trust me on this, I been around long enough to know people will do anything to get infected. Just promise them a juicy picture. We have about the same chance of stopping computer infection as we have of stepping Sexually Transmitted Diseases. When Miss Jpeg flirts with you, you don't think of using a condom. (Oh and using a condom isn't enough, deep kissing can do it too. How many of you practising safe sex make sure no fluids whatever are swapped?)

      • by Mister Whirly ( 964219 ) on Thursday June 15, 2006 @11:27AM (#15540874) Homepage
        "How many of you practising safe sex make sure no fluids whatever are swapped?"

        This is Slashdot, where safe sex means you have a firewall between you and the porn site...
      • MOD PARENT UP!!!

        Once again, the dancing pigs win - parent is 100% right, according to the article, the vulnerability being exploited here is the user.

      • As far as I read it this doesn't have anything to do with "bad security" just "bad users". You have to download the code and execute it.

        I strongly disagree. Windows fails to make it clear to most users that this is a program, not a movie. That is a security failing of Windows. By default Windows lets any program, even if it has never run before, do anything it wants to. This is a security failing. By default programs should be limited and users should have to explicitly grant the right to do things like

        • by mpe ( 36238 ) on Thursday June 15, 2006 @02:59PM (#15542998)
          First, fix the OS. Make sure users know what is software and what is data, then restrict all of it by default.

          Also so that the OS knows what is software and what is data. e.g. if an executable has been disguised as an AVI then the best thing to do is try (and probably fail) to play it as an AVI. As opposed to displaying a file with an icon indicating it is one type of file then when it is selected to be opened looking at whatever is actually in the file to decide how to open it.
          Effectivly Windows likes to play "bait and switch" with file types.
        • ...By default Windows lets any program, even if it has never run before, do anything it wants to...

          Interesting point. Is the solution here to lock the association between certain file extensions and the category of software that is permitted to read them? I agree the .exe extension is pretty abusable, given it's general nature -- it's an .exe, so page it in to main memory and pass control to it. But how would you go about building this sort of control into software in general? The .exe file has been wi

          • Interesting point. Is the solution here to lock the association between certain file extensions and the category of software that is permitted to read them?

            I don't think so. For example, you might want to read .jpg files in a number of different programs for different purposes. Rather, I think we simply need to restrict anything that runs as an executable or script very granularly. Something like jails, VMs, or zones. Further, simply keep track of what files a program creates and let it continue to modif

    • by Sj0 ( 472011 )
      Please tell me you're joking. Advocacy is one thing, but this is the worst case of "It's not a bug, it's a feature!" I've ever seen. Considering the alternative is a nice and simple "What is this you're trying to send me?" before clicking a download link, I think you're sixes and sevens for trying to claim that using a broken program is a good thing.
      • GAIM is obviously a load of complete rubbish because it doesn't support this functionality.

        GoogleTalk deserves the same ire - you can't do anything with that except send instant messages - that's not what IM was invented for. Harumph! What would Google know about the Internet, anyway.

        When will these people learn (as Microsoft have) that not being allowed to destroy our own machines and everyone else we know and spend days trying to get back to where we were is not a feature - it's clearly a bug. We enjoy
        • You're an idiot. If GAIM is trying to mimic MSN functionallity, but doesn't support some MSN features, then it's broken, not fixed. Trying to spin it as a good thing is ridiculous. Trying to say that users shouldn't be allowed to self files because they're too stupid to do so is also ridiculous. Get off your high horse.
        • GAIM is obviously a load of complete rubbish because it doesn't support this functionality.

          Many people don't actually want that functionality. For such people there is nothing "rubbish" about the functionality being lacking.

          Downloading executable code off the web is one thing, but how many people actually need to send it over IM? Refusing to accept executable files that are being sent to you would probably be a good start (at least by default - you could stick an option to allow it in the preferences if y
    • by RingDev ( 879105 ) on Thursday June 15, 2006 @10:24AM (#15540263) Homepage Journal
      In this case the user is clicking on a hyper link in the IM Conversation which uses a web browser to download an external application. If someone on your buddy list sent you this message, it would come through with no problems. You could click the link and download the file with no problems. It could even execute it's payload while you are wrapped in your GAIM blanket of security. The only thing that it MIGHT not be able to do is to propagate itself to all of the members of your friends list.

      -Rick
    • by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Thursday June 15, 2006 @10:44AM (#15540439) Journal
      Someone I met online recently sent me this message:

      "I got my MSN names from http://www.im-names.com/ [im-names.com] they're free!"

      After getting this person to clarify that it was sent automatically. I said "OK, that's spyware." They said "I don't care." They are now blocked.

      Gaim and some common sense means I'll never actually get the spyware, but it doesn't mean I won't get annoyed by it. After all, remember chain mail? I used to get chain IMs all the time -- "Send this to 25 friends by midnight and something good will happen!".

      Really, the only solution, no matter what your IM client, is to start blocking morons.
    • Re:GAIM (Score:5, Insightful)

      by cag_ii ( 788110 ) on Thursday June 15, 2006 @11:15AM (#15540738)
      I just want to make sure im clear on what your point is. You are suggesting that not being able to transfer files via GAIM is a feature and not a bug?
      • You are suggesting that not being able to transfer files via GAIM is a feature and not a bug?

        It is neither.
        • A feature is something that was designed into a project for a particular end-user reason
        • A bug is functionality that is not working as intended

        Clearly this is neither - the support wasn't left unimplemented specifically to help the end-user (it was probably more a case of "we don't have time and don't consider it important enough to bother with"), now is it a bug since the functionality was never intend

    • This worm has nothing to do with "videos/pictures stream[ing] through the chat box". The worm [pandasoftware.com] spreads by sending a URL to an executable. Victims run the executable (which is cleverly "disguised" by having the extension ".avi.exe") and get infected. Clearly this attack has nothing to do with GAIM or MSN Messenger, and contrary to what the summary says ("distributes itself to all your MSN contacts by sending a video"), the worm does not send any video at all. It displays some image [tomshardware.com] when it first runs, but tha
      • when you download an executable from the Web, it gets an Internet zone identifier attached that says the file came from the Internet zone. Running the file shows a warning dialog with the application name and the publisher before it will let the file run. I don't know what else Windows can do here.

        Some thoughts spring to mind:

        1. Make it impossible to run the file directly from the browser - you force the user to (hopefully) think a little more if executable files have to be saved somewhere and then executed
    • A video file should never be able to infect a computer... if it does then it's not the IM client's fault, but the codec's.

      Anyway, GAIM *does* have file transfer for MSN. If it's not working for you then your firewall is probably set up improperly. Webcam/Voice will be implemented soon and they are trying to make MSN file transfer more reliable. An IM app is a great way to transfer files for an average person -- it usually uses SSL and doesn't require setup of a SSH, FTP or HTTP server which is way beyond th
    • Another thing about chat clients is that they should stick to limited functionality. There are way more secure ways to transfer files.

      When will people learn? Reducing functionality is not a good way to increase security since it motivates people to bypass your security. If you don't support file transfer, a lot of people won't use your program and thus be vulnerable.

      The proper solution is to implement the functionality correctly, either by integrating with an existing, secure solution or by implementin

    • So I communicate to others but through a nice free little thing called letters [usps.com]

      My friends often try to send me files or pictures or videos through the "internet" and it doesn't work. They get annoyed and tell me to "go online." I'm told that snail mail is stupid & crappy for not supporting these features.

      Really makes you wonder if the people who developed writing couldn't figure out how to make the videos/pictures stream through the mail box ... or if it was a design decision by choice to avoid hidden vi
      • Do you also rail against email attachments?

        Having supported a lot of moron users I can say that yes, email attachments are often a very Bad Thing. But mainly in the "when you have a hammer everything looks like a nail" sense. In some cases attachments are a good way of sending someone a file, but the clueless get too used to doing it that way and don't think of the consequences.

        An example I saw a few years ago (which is a whole catalogue of cockups):

        An estate agent did email-shots to prospective house buy
    • Interesting. Sure, some of the more irksome "integrated" features of GAIM may not work, but file transfers work just fine for me (and I don't even run Windows(tm)).
  • Payload (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Thursday June 15, 2006 @09:44AM (#15539901)
    "on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die"

    Panda did not provide information about the payload of the BlackAngel.B worm.


    I think it's pretty clear what the payload is. Somebody better get a fix out for this quick...Like in the next 2 or 3 days!
  • by eldavojohn ( 898314 ) * <eldavojohn&gmail,com> on Thursday June 15, 2006 @09:45AM (#15539915) Journal
    It distributes itself to all your MSN contacts by sending a video called 'Fantasma.'
    Not to be confused with the Spanish release of the film "Ghost [imdb.com]" starring Whoopie Goldberg, Patrick Swayze, Demi Moore and a rotating lump of clay (possibly the only bearable thing in the movie).

    A CNN poll taken recently showed that 98.1% of US citizens would rather have the MSN virus on their computer instead of the 1990 film in Spanish.

    It's so unfortunate that we haven't invented the technology to "unwatch" films yet.
  • New Worm Starts Munching MSN Users

    In other news, Hollywood announces the production of Tremors 4: Attack of the Microsoft Munchers.
  • The only certainties in life are taxes and death, but it seems that it should be ammended for windows users with virus/worm infections.

    So, did you pay taxes lately?
  • by ursabear ( 818651 ) on Thursday June 15, 2006 @09:59AM (#15540049) Homepage Journal
    A trojan/virus/etc. that disables regedit and the task manager - and monkeys with files. This is not A Good Thing.

    Many corporations support MSN Messenger only. Given a choice, however, I'm very fond of Trillian Pro 3. I found the license price for Trillian to be quite reasonable, considering its flexibility, stability, and the fact that (so far, fingers crossed) it has not been subject to attacks such as this.
  • by Kenshin ( 43036 ) <kenshin AT lunarworks DOT ca> on Thursday June 15, 2006 @09:59AM (#15540050) Homepage
    This is so going to happen to my sister, and I am so not going to fix her computer this time.

    Remember kids, don't constantly insult the person who fixes your computers.
    • This is so going to happen to my sister, and I am so not going to fix her computer this time.

      Place your bets everyone. Starting odds are two-to-one that Kenshin does fix his sister's computer this time. ;) Unfortunately, once you start being someone's computer bitch, they always seem to convince you to come back for more abuse. :(

      Just make sure you up the amount of beer you charge for service.

    • If you just wait four days, you won't need to fix her computer ever again!
    • This is so going to happen to my sister, and I am so not going to fix her computer this time.

      My sister lives in a share house and her windows98 box sat in the living room on an ADSL line for two years. At the end of two years it was so virus ridden that I doubt much of the original microsoft code remained.

      Now it runs ubuntu. It is used to run firefox and occasionally open office. It has three or four accounts on it so people can have their own environment. I haven't had to fix it since I put it in 18 mont

  • by Rob T Firefly ( 844560 ) on Thursday June 15, 2006 @10:04AM (#15540092) Homepage Journal
    I don't much approve of destructive viri, but if they're going to be out there, they might as well have a little character to them. Who needs yet another boring old "spams your adress book and erases your HD" routine when you can be 0wned by something just a bit more interesting?

    Reminds me of the good old days of "gimme a cookie."
  • by WalterGR ( 106787 ) on Thursday June 15, 2006 @10:07AM (#15540119) Homepage

    From the article:

    To be impacted with the worm, users have to actively download the code. Messenger conversations initiated by the worm carry texts like "jaja look a that" or "mira este video" as well as a web address from where it is downloaded.

    Ummmm... here's a hint: if somebody sends you a random URL to an executable, don't run it!

    The More You Know

    • Doo DING dong DING! :)
    • But there might be candy on the other side! And everyone loves candy!
    • Heck my brother sent me a WMV movie to my gmail account. I was going to open it up at work but thought twice and played it on my mac when i got home.

      It was safe(and funny) but you never know what lies within MSFT formatted files. It's all too easy to hide executable code in there. WMF, WMV, WMA, DOC, XLS, all allow that kind of code.

      It's why i am glad for ODF. at least that way you can see what's inside.
    • Or is it using an exploit in Media Player and inhabiting something that's actually a movie file? The foggy article doesn't say, and the news section at Panda's site doesn't shed any more light. In fact it talks about both a 'movie" and about "code'.
  • Fururama? (Score:4, Funny)

    by awhelan ( 781773 ) on Thursday June 15, 2006 @10:12AM (#15540166) Homepage
    a video called 'Fantasma.'

    Anyone read this quickly as 'Futurama'?
    Normally I will question the brain of anyone who clicks a link without confirming with the person who sent it that it's not a virus, but all my friends know I love futurama clips.
    Good news everyone, I can be socially engineered.
  • Through a vulnerability in MSN messenger, or is it just the usual "click here to get infected" method?
    • The article said...

      To be impacted with the _worm_, users have to actively download the code.

      Anyone click on the _worm_ link in the article? What did it do? It probably told you all about worms, which is a bit dull but safe. However, that's how it reproduces.

    • Just how stupid can people be? Hell, I surmise that people will still get infected even if the link said word for word "Click here to get a virus".

      Also, how can you get in trouble for releasing such a virus given the user was blatantly informed. Such an experiment is tempting...
  • this is news ? (Score:3, Insightful)

    by Anonymous Coward on Thursday June 15, 2006 @10:18AM (#15540213)

    from Pandas webpage

    Countries affected
    España 2.42
    México 2.15
    Perú 0.71
    Chile 0.33

    there are NO english speaking countries affected and the original site which hosted the file is dead (file removed i looked)
    if today is AV fud promotion day you could at least try and scare us with a virus that affects English speaking countries
  • Correction -- New work starts munching STUPID MSN Messenger users.

    If you accept an unsolicited download, you deserve everything you get. This bug can be protected against with a simple "What is this you're trying to send me?".
    • if the bot replied "it's a virus lol j/k, just click on it", i'm sure some people would STILL download it.
      • if the bot replied "it's a virus lol j/k, just click on it", i'm sure some people would STILL download it.

        The cover would be blown with the "lol" and "j/k" anyway since I have no 12 year olds on my buddy list... (not that I use MSN anyway)
  • by 99luftballon ( 838486 ) on Thursday June 15, 2006 @10:21AM (#15540243)
    News up next - Ursine defecation in arboreal context and spiritual leader found in Rome.
  • by cciRRus ( 889392 ) on Thursday June 15, 2006 @10:48AM (#15540484)
    Should be changed to "New Worm Starts Munching MSN Messenger Users". The MSN Messenging network and MSN are two different things.
  • by writermike ( 57327 ) on Thursday June 15, 2006 @11:22AM (#15540813)
    *crunch* *crunch* *swallow*

    Hmmm... tastes like chicken.
  • Or am I the only one who thought that when they read what this virus did?
  • I mean, come on - a virus/worm/trojan attacking a Microsoft application/"service"??

    Isn't this like announcing "water passes through a screen door"?

    If you're going to insist on using a collection of security holes held together with a little bit of application code, you've pretty much got to expect this kind of thing.

  • Fantasma.B is the same, but with a different message:

    On the first day, you get embraced. On the second day, you get extended. On the third day, you get extinguished. And on the fourth day, you... oh, wait.

    --Rob

If in any problem you find yourself doing an immense amount of work, the answer can be obtained by simple inspection.

Working...