Instant Messaging Street Smarts
I know I just recently wrote about the dangers of instant-message-borne viruses and worms, but a co-worker's brush with what was in all likelihood an IM worm yesterday served as yet another reminder of how insidious these things can be. So, I thought a more thorough primer on IM threats was probably in order.
My co-worker, who we'll just call Amanda, hurried over to the cubicle pod for the tech section to say she'd just received an AOL Instant Message from a friend that prompted her to click on a link. If I recall from viewing the thing on her screen, it said something like "lol! check out this: [deleted hyperlink here]."
Amanda said she didn't think twice about clicking because it came from a friend she chats with all the time. The link opened her Web browser and took her to a site that was not the same as the one listed in the IM invitation, but the page failed to render anything except a cryptic error message.
"So then I cut and pasted the link into a different browser, like an idiot, but the same thing happened," Amanda recalled in an IM conversation after the incident.
Growing more suspicious by the second that she might have just been duped into doing something very bad to her computer, Amanda sent a reply message back to her friend, who of course said she hadn't sent anything recently.
The operations people here got involved, and a virus scan was run on Amanda's machine, but it gave her PC a clean bill of health. I told Amanda she'd probably just had a close call; based on past experience with these things -- and a bit of detective work I did on the link -- it appears she had received an invitation to infect her computer with spyware or a virus.
I still haven't determined if this particular nastygram has earned a name from the spyware or anti-virus companies yet, but I was able to tell that the link she received attempts to redirect the recipient's Web browser through a series of at least three different Internet addresses (including a Web "anonymizer" service), which is almost universally a bad sign because it usually means the sender is trying to hide something.
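The two warning signs described above (a landing site that differs from the one shown in the message, and a hop through three or more different addresses) can be checked from recorded redirect data. The sketch below is an added example, not part of the original post; the hostnames, the sample responses and the three-host threshold are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample data: URL -> (HTTP status, Location header), as might be
# recorded by a proxy or sandbox. Hosts are placeholders on the reserved
# .example TLD, not values from the incident.
SUSPECT = {
    "http://photos.example/funny": (302, "http://hop1.example/r?id=7"),
    "http://hop1.example/r?id=7": (301, "http://anonymizer.example/go?u=x"),
    "http://anonymizer.example/go?u=x": (302, "http://landing.example/x"),
    "http://landing.example/x": (200, None),
}
BENIGN = {
    "http://news.example/story": (301, "/story/"),  # relative, same host
    "http://news.example/story/": (200, None),
}

def resolve_chain(start, responses, max_hops=10):
    """Follow recorded redirects from `start`; return every URL visited."""
    chain = [start]
    while len(chain) <= max_hops:
        status, location = responses.get(chain[-1], (None, None))
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        looped = nxt in chain
        chain.append(nxt)
        if looped:  # redirect loop: record it and stop
            break
    return chain

def assess_link(displayed, responses, host_threshold=3):
    """Flag a link whose recorded chain shows either warning sign."""
    chain = resolve_chain(displayed, responses)
    # Distinct hosts in first-seen order
    hosts = list(dict.fromkeys(urlsplit(u).hostname for u in chain))
    final = urlsplit(chain[-1]).hostname
    reasons = []
    if final != hosts[0]:
        reasons.append("lands on a different host than the link displayed")
    if len(hosts) >= host_threshold:  # threshold is an assumption
        reasons.append(f"passes through {len(hosts)} distinct hosts")
    return {"chain": chain, "hosts": hosts, "reasons": reasons}

if __name__ == "__main__":
    for link, data in (("http://photos.example/funny", SUSPECT),
                       ("http://news.example/story", BENIGN)):
        print(link, "->", assess_link(link, data)["reasons"] or "no flags")
```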
Even after the "all clear" from the anti-virus test, Amanda says several things aren't working as they did before the whole incident. She's all jittery and not entirely convinced that her PC isn't sick with something.
Even more dangerous than e-mail viruses, IM attacks exploit the very essence of the medium -- speedy and casual communication with trusted sources. While most companies nowadays use anti-virus tools to scrub employees' incoming e-mail, few set any restrictions on their IM usage, which can cause a single infection to spread quite quickly among co-workers accustomed to messaging each other over the cubicle walls and sharing links to amusing Web sites.
IM viruses and worms have grown 50 percent each month so far this year, according to the IM Logic Threat Center, a joint project coordinated by several anti-virus companies including McAfee, Symantec and Sybari Software.
Like e-mail viruses, IM worms spread by sending themselves to people listed in the victim's contacts list, while pretending to have been sent by one of those contacts. Consequently, IM viruses will often appear to come from screen names that you recognize, and may even come from people in your own contacts list.
The lesson here is that you should be just as cautious about opening links or attachments that arrive via IM as you (hopefully) are about clicking on those that show up in your e-mail inbox.
Never open, accept or download a file in an instant message from someone you don't know -- and even if you do know them, don't open it unless you know what the file is and were expecting it. If it comes from someone you know and you weren't expecting it, contact the sender by phone or e-mail, or reply to the message, and ask what they're asking you to look at. In Amanda's case, had she asked first before clicking on the link, she wouldn't be so paranoid right now.
Have a personal experience to relate about an instant-message virus? Post a comment below. Alternatively, feel free to drop me an e-mail, but if you do, please also let me know if you don't want your e-mail comments published.