Worms flood instant messaging networks

Date: 2019-03-03 07:16:05 Author: 子车畦汹

By Celeste Biever

A record number of new computer worms have swept through instant messaging networks in recent weeks, turning computers into remote-controlled zombies and sparking battles between rival virus-writing gangs.

In the past viruses have hijacked IM networks but most arrived in email worms such as Netsky and MyDoom. “What you are seeing now is an outright focus on IM,” says John Sakoda of security firm IMlogic in Waltham, Massachusetts, US. The company has recorded 26 outbreaks so far in 2005.

This focus is “a direct reflection of how prevalent the technology is”, says Oliver Friedrichs of the anti-virus software vendor Symantec, based in Redwood City, California. The number of IMs sent per day is predicted to grow from 11.4 billion in 2004 to 45.8 billion in 2008, according to the Radicati Group, a California market research firm.

Other reasons why virus writers are increasingly preying on IM networks may be the growing awareness of computer users to virus-loaded emails and the successes of anti-virus companies in stamping these out, says Stowe Boyd of Corante, a technology news service for entrepreneurs located in Reston, Virginia.

IM worms employ similar tricks to email worms. Kelvir, which surfaced on Sunday, and the 6-week-old Bropia, both install software called Spybot that turns the computer into a zombie by handing remote access to its hard drive to a virus writer.

Meanwhile Serflog, which appeared on Monday, features expletives targeting the author of the email worm Assiral that attempted to kill off Bropia, mimicking the virus-writer wars that have been played out via email worms.

“What is different is simply the way that they spread,” says Friedrichs. Unlike email, which stores messages until a person checks them, an IM can only be sent if the recipient is also online. So an individual’s IM software, known as the IM client, is constantly communicating with other IM clients to check who else is online.
Bropia exploits this by inserting a copy of itself inside the internet packets that alert other computers that someone new has come online. It automatically infects everyone who has subscribed to exchange messages with the infected computer, a group of contacts known as a “buddy list”. As people may have several buddy lists, a virus can spread very quickly using this mechanism, says Sakoda.

Other IM viruses mimic the spreading tactics of email worms that forward themselves to everyone in a victim’s address book. Serflog (also known as Fatso and Sumom) and Kelvir automatically send malicious links to everyone on an infected computer’s buddy lists. The links are labelled with phrases designed to tempt, including “How a blonde eats a banana”. But when the recipient clicks on them, he or she is asked to execute a file, which results in infection. People often click on these links because they appear to come from a trusted contact.

However, Friedrichs points out that once the security community knows about the virus, it is relatively easy to remove the malicious code from the website to which the link points. Kelvir has already been eradicated in this way. However, in future, IM viruses might turn infected computers into web servers that host the malicious link, making it much harder to remove the offending URL.

More likely to protect IM is the fact that people tend to have far fewer contacts stored in their buddy lists than their email address books, says Boyd, because it is a more intimate form of communication. “It’s the difference between shaking hands and having sex,” he says.