Malicious chat bots

Thu Dec 8 09:50:17 EST 2005

[From Computerworld - see
http://www.computerworld.com/securitytopics/security/story/0,10801,106832,00
.html?source=NLT_PM&nid=106832
]

               Security firm detects IM bot that chats with you

               Bot replies with messages such as 'lol no its
               not its a virus'

               News Story by Nancy Gohring

               DECEMBER 07, 2005
               (IDG NEWS SERVICE) - A
               new form of malicious instant-message bot is on the loose
               that talks back to the user, possibly signifying a
               potentially dangerous trend, an instant messaging security
               firm said.

               IMlogic Inc. issued the warning late yesterday after
               citing a recent example of such a malicious bot. On
               Monday, the company first published details of a new
               threat known as IM.Myspace04.AIM. Once the computer of an
               America Online Inc. IM user is infected, the bot sends
               messages to people on the infected user's buddy list,
               making the messages appear to come from the infected user.
               The user isn't aware that the messages are being sent. If
               recipients click on a URL sent with a message, they will
               also become infected and start spreading the virus.

               A bot is a program that can automatically interact with
               people or other programs. AOL, for example, has bots that
               let users ask questions via IM, such as directory queries,
               and the bot responds.

               The unusual part of this malicious bot is that it replies
               to messages. If a recipient responds after the initial
               message, the bot replies with messages such as "lol no its
               not its a virus" and "lol thats cool." Because the bot
               mimics a live user interaction, it could increase
               infection rates, IMlogic said.

               IMlogic continues to analyze this threat but so far it
               seems to only be propagating and not otherwise affecting
               users.

               An AOL spokesman said today that the company's IT staff
               has not yet seen the bot appear on its network. The
               company said it reminds its users not to click on links
               inside IM messages unless the user can confirm that he
               knows the sender and what is being sent.

               Some similar IM worms install spybots or keyloggers onto
               users' computers, said Sean Doherty, IMlogic's director of
               services in Europe, the Middle East and Africa. Such
               malicious programs record key strokes or other user
               activity in an effort to discover user passwords or other
               information.

               "What we're seeing with some of these worms is they vary
               quickly, so the initial one may be a probe to see how well
               it infected users, and then a later variant will be one
               that may put a spybot out," Doherty said. The initial worm
               could be essentially a proof of concept coming from the
               malware writers, he said.

               Computerworld staff writer Todd Weiss contributed to this
               article.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com