Malicious chat bots
leichter_jerrold at emc.com
leichter_jerrold at emc.com
Thu Dec 8 09:50:17 EST 2005
[From Computerworld - see
http://www.computerworld.com/securitytopics/security/story/0,10801,106832,00
.html?source=NLT_PM&nid=106832
]
Security firm detects IM bot that chats with you
Bot replies with messages such as 'lol no its
not its a virus'
News Story by Nancy Gohring
DECEMBER 07, 2005
(IDG NEWS SERVICE) - A
new form of malicious instant-message bot is on the loose
that talks back to the user, possibly signifying a
potentially dangerous trend, an instant messaging security
firm said.
IMlogic Inc. issued the warning late yesterday after
citing a recent example of such a malicious bot. On
Monday, the company first published details of a new
threat known as IM.Myspace04.AIM. Once the computer of an
America Online Inc. IM user is infected, the bot sends
messages to people on the infected user's buddy list,
making the messages appear to come from the infected user.
The user isn't aware that the messages are being sent. If
recipients click on a URL sent with a message, they will
also become infected and start spreading the virus.
A bot is a program that can automatically interact with
people or other programs. AOL, for example, has bots that
let users ask questions via IM, such as directory queries,
and the bot responds.
The unusual part of this malicious bot is that it replies
to messages. If a recipient responds after the initial
message, the bot replies with messages such as "lol no its
not its a virus" and "lol thats cool." Because the bot
mimics a live user interaction, it could increase
infection rates, IMlogic said.
IMlogic continues to analyze this threat but so far it
seems to only be propagating and not otherwise affecting
users.
An AOL spokesman said today that the company's IT staff
has not yet seen the bot appear on its network. The
company said it reminds its users not to click on links
inside IM messages unless the user can confirm that he
knows the sender and what is being sent.
Some similar IM worms install spybots or keyloggers onto
users' computers, said Sean Doherty, IMlogic's director of
services in Europe, the Middle East and Africa. Such
malicious programs record key strokes or other user
activity in an effort to discover user passwords or other
information.
"What we're seeing with some of these worms is they vary
quickly, so the initial one may be a probe to see how well
it infected users, and then a later variant will be one
that may put a spybot out," Doherty said. The initial worm
could be essentially a proof of concept coming from the
malware writers, he said.
Computerworld staff writer Todd Weiss contributed to this
article.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list