15 Aug 2001 09:12
Corey Bates was chatting on his MSN Messenger recently when his high school buddy Trey sent him a winking-face icon. Then Trey sent him another icon. Then another.
Bates, an 18-year-old who will start his freshman year at Oklahoma University this month, knew it was uncharacteristic of Trey to flood him with winking faces--a popular "emoticon" used to colour text-based IM conversations. His suspicions grew when the alias "george.w.bush@whitehouse.gov" suddenly flashed on his screen along with an invitation to accept an attached file called "choke.exe". Unlike his friend, who obviously had been bitten by a virus, Bates knew better than to accept it.
"I was like, 'What the heck? Something is wrong,'" Bates said in an IM exchange with CNET News.com on Monday.
Having long targeted email with sometimes devastating effects, virus and worm creators are setting their sights on IM services. Infected files, for example, have been burrowing their way slowly through Microsoft's MSN Messenger network over the past few months.
Discovered by virus hunters in late June, the so-called Choke worm marked the second attack aimed at MSN Messenger in as many months. In May, the service was struck by the W32/Hello worm. Security experts said they are as yet unaware of any virus attacks that might have targeted AOL Time Warner's AOL Instant Messenger (AIM) and ICQ or Yahoo's Yahoo Messenger.
Virus writers in search of the biggest bang for their bugs have targeted various types of networks, including peer-to-peer file exchanges and wireless Web systems. None have proven as effective as email, however, where some viruses have rapidly gained the force of an avalanche through large corporate email systems. Once a virus is activated, it can shoot itself out to everybody in a victim's address book, leading to an exponential growth rate.
IM viruses discovered so far have been relatively innocuous compared with virulent email-borne infections such as the Love Bug, Anna Kournikova and Melissa. "Email is still the most effective way to get viruses around," said Richard Smith, chief technology officer of the Privacy Foundation.
Nevertheless, some computer security experts say it is only a matter of time before similar outbreaks plague IM services.
Already, millions of people on the Internet communicate through instant messengers, which let people exchange text messages in real time and have become some of the most popular features on the Internet.
Instant messaging has yet to gain an official foothold in many corporations, but that is likely to change. For example, Microsoft's upcoming Windows XP operating system will add new features to its instant messenger that may be attractive to corporations, such as document sharing and video conferencing.
"As more people migrate to XP, there is an increased risk because it becomes an attractive element for a virus writer," said Vincent Gullotto, the senior director of McAfee's Avert group.
In addition, computer security experts said they are particularly concerned because few defences have been developed to protect IM networks from viruses.
"One of the interesting aspects of instant messaging viruses is most antivirus products don't necessarily stop them," said Elias Levy, chief technical officer of SecurityFocus.com. "There are antivirus products that attempt to detect email messages, but I don't know of any that will support instant messaging protocols."
In response to the Choke worm and other potential viruses sent through its IM systems, Microsoft believes the user is the first line of defense.
Like other viruses propagated through email, Choke is contained in an attachment. Once opened, Choke can send itself out to people on one's MSN Messenger buddy list, increasing the chances that someone else will open an infected file and repeat the cycle.
That means people can prevent its spread with a little common sense--for example, by treating attachments sent by strangers with caution.
"An MSN Messenger user needs to go through a few steps, which include warning messages, in order to receive and download the file," said Sarah Lefko, an MSN product manager. "Then, the user would have to actually double click and execute the file itself in order to propagate the virus."
Lefko said Microsoft has issued an alert on its MSN Messenger site.
MSN's service competes with the two largest IM services, AIM and ICQ, which are owned by AOL Time Warner. That company's America Online service, which runs the instant messengers, has been the target of hackers and scammers trying to steal passwords and credit card numbers.
A spokesman from the company's AOL division said security measures are used for the IM services but would not go into detail for fear of tipping off virus writers. Since email and instant messaging run on separate systems, AOL must develop separate security measures. "Both systems have security measures built into them," said Andrew Weinstein, an AOL spokesman. "But the systems are obviously designed for the needs of each product."
For now, security experts appear to be hedging their bets, warning of the danger without predicting the imminent arrival of an IM Love Bug.
"If history tells us anything, technologies used by many people can be used by other people on the fringes," said Steve Trilling, director of research at Symantec's antivirus research centre. "From a security perspective, it's of immediate concern. But at this point it's difficult to say what sort of problem this will become down the road."
See the Viruses and Hacking News Section for the latest headlines.
See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.
See the Internet News Section for full coverage.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Story URL: http://news.zdnet.co.uk/itmanagement/0,1000000308,2093149,00.htmCopyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.