AOL IM Image Virus Spreading. Get Real: Stowe Boyd's Soapbox

Home > Weblog Columns > Get Real

Quote

"I can’t think of anything that demonstrates the sovereign nature of the self better than a blog.” - Doc Searls

About the Author

Stowe Boyd is a well-known media subversive, and an internationally recognized authority on real-time, collaborative and social technologies. His new blog is Message.

Check out Appopedia, a new directory of reviews of Web 2.0 apps for work

« Esther Dyson and Joi Ito Investing in Flikr | Main | No Wonder: Few Enterprises Affected by AOL and Yahoo Moves »

October 01, 2004

AOL IM Image Virus Spreading

Posted by Stowe Boyd

A nasty virus is spreading through AOL's instant messaging:

Dan Ilett
[from Image virus spreads via chat]
A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over America Online's instant-messaging program.

[...]

According to the Internet Storm Center, the victims received AOL Instant Messenger messages that directed them to Web sites that hosted the dangerous JPEG images.

The instant messages read: "Check out my profile, click GET INFO!" When visited, the Web site automatically sends malicious code embedded in the JPEG image to the computer, Ullrich [chief technical officer for SysAdmin Audit Network Security Internet Storm Center] said. Once infected with the code, the computer sends the same message to other contacts in the instant-messenger list.

The code also installs a back door that can give hackers remote control over the infected computer.

And antivirus programs do not generally scan graphics files for viruses, limiting their searches to executables.

Of course, this is just a sign of the times. As IM grows in popularity, it is inevitable that the networks will be attacked in this way.

Comments (1) + TrackBacks (0) | Category: Technology

COMMENTS

1. Nick Gray on October 9, 2004 03:05 PM writes...

I think it's important to note that this attack is only using AIM as a channel for SPIM distribution (is there a term yet for IM spam that solicits malware?). Users won't get infected if they stay within the safety sphere of their IM application; only when they click the link to launch IE are they at risk.

Permalink to Comment

RELATED ENTRIES: › Reminder -- /Message; › /Message - A New Blog; › The Individual Is The New Group -- Part 1; › 1000 Tags: Tag Advertising; › Social Ethics And Technology Design; › Nancy Hass on In Your Facebook.com; › Black and White and Dead All Over: Is Newsprint Dead?; › Anonymous Trolls, Beware: You Are Breaking Federal Laws

Shows

THE NEW VISIONARIES: REBOOTING THE WEB
[Starting in January!]

BEHIND THE SCENES
sponsored by GoToMeeting
› 24 Dec 2005: Behind The Scenes [next episode - postponed for Transit strike]
› 30 Nov 2005: Behind The Scenes at Behind The Scenes

PODCASTING ON WINDOWS
sponsored by GoToMeeting
› 29 Oct 2005: Video Podcasting
› 20 Oct 2005: Online Services
› 3 Oct 2005: Audio Editing
› 22 Sep 2005: Introduction to Podcasting

GET REAL SHOW
sponsored by GoToMeeting
› 3 Nov 2005: Interview with Eric Rice, Audioblog
› 31 Oct 2005: Interview with Rick Klau, Feedburner
› 29 Oct 2005: Interview with Lee Wilkins of Podcast.com