August 14, 2001 12:45 PM PDT

Viruses wiggle into IM chats

Corey Bates was chatting on his MSN Messenger recently when his high school buddy Trey sent him a winking-face icon. Then Trey sent him another icon. Then another.

Bates, an 18-year-old who will start his freshman year at Oklahoma University this month, knew it was uncharacteristic of Trey to flood him with winking faces--a popular "emoticon" used to color text-based IM conversations. His suspicions grew when the alias "george.w.bush@whitehouse.gov" suddenly flashed on his screen along with an invitation to accept an attached file called "choke.exe." Unlike his friend, who obviously had been bitten by a virus, Bates knew better than to accept it.

"I was like, 'What the heck? Something is wrong,'" Bates said in an IM exchange with CNET News.com on Monday.

Having long targeted e-mail with sometimes devastating effects, virus and worm creators are setting their sights on IM services. Infected files, for example, have been burrowing their way slowly through Microsoft's MSN Messenger network over the past few months.

Discovered by virus hunters in late June, the so-called Choke worm marked the second attack aimed at MSN Messenger in as many months. In May, the service was struck by the W32/Hello worm. Security experts said they are as yet unaware of any virus attacks that might have targeted AOL Time Warner's AOL Instant Messenger (AIM) and ICQ or Yahoo's Yahoo Messenger.

Virus writers in search of the biggest bang for their bugs have targeted various types of networks, including peer-to-peer file exchanges and wireless Web systems. None have proven as effective as e-mail, however, where some viruses have rapidly gained the force of an avalanche through large corporate e-mail systems. Once a virus is activated, it can shoot itself out to everybody in a victim's address book, leading to an exponential growth rate.

IM viruses discovered so far have been relatively innocuous compared with virulent e-mail-borne infections such as the Love Bug, Anna Kournikova and Melissa.

"E-mail is still the most effective way to get viruses around," said Richard Smith, chief technology officer of the Privacy Foundation.

Nevertheless, some computer security experts say it is only a matter of time before similar outbreaks plague IM services.

Already, millions of people on the Internet communicate through instant messengers, which let people exchange text messages in real time and have become some of the most popular features on the Internet.

Corporate acceptance?
Instant messaging has yet to gain an official foothold in many corporations, but that is likely to change. For example, Microsoft's upcoming Windows XP operating system will add new features to its instant messenger that may be attractive to corporations, such as document sharing and video conferencing.

"As more people migrate to XP, there is an increased risk because it becomes an attractive element for a virus writer," said Vincent Gullotto, the senior director of McAfee's Avert group.

In addition, computer security experts said they are particularly concerned because few defenses have been developed to protect IM networks from viruses.

"One of the interesting aspects of instant messaging viruses is most antivirus products don't necessarily stop them," said Elias Levy, chief technical officer of SecurityFocus.com. "There are antivirus products that attempt to detect e-mail messages, but I don't know of any that will support instant messaging protocols."

Microsoft urges defense
In response to the Choke worm and other potential viruses sent through its IM systems, Microsoft believes the user is the first line of defense.

Like other viruses propagated through e-mail, Choke is contained in an attachment. Once opened, Choke can send itself out to people on one's MSN Messenger buddy list, increasing the chances that someone else will open an infected file and repeat the cycle.

That means people can prevent its spread with a little common sense--for example, by treating attachments sent by strangers with caution.

"An MSN Messenger user needs to go through a few steps, which include warning messages, in order to receive and download the file," said Sarah Lefko, an MSN product manager. "Then, the user would have to actually double click and execute the file itself in order to propagate the virus."

Lefko said Microsoft has issued an alert on its MSN Messenger site.

MSN's service competes with the two largest IM services, AIM and ICQ, which are owned by AOL Time Warner. That company's America Online service, which runs the instant messengers, has been the target of hackers and scammers trying to steal passwords and credit card numbers.

A spokesman from the company's AOL division said security measures are used for the IM services but would not go into detail for fear of tipping off virus writers. Since e-mail and instant messaging run on separate systems, AOL must develop separate security measures.

"Both systems have security measures built into them," said Andrew Weinstein, an AOL spokesman. "But the systems are obviously designed for the needs of each product."

For now, security experts appear to be hedging their bets, warning of the danger without predicting the imminent arrival of an IM Love Bug.

"If history tells us anything, technologies used by many people can be used by other people on the fringes," said Steve Trilling, director of research at Symantec's antivirus research center. "From a security perspective, it's of immediate concern. But at this point it's difficult to say what sort of problem this will become down the road."

6 comments

yahoo IM virus?
I received an offline message from someone in my Yahoo buddy list with a link to a spoofed Yahoo Games website. After I clicked on the link, my Yahoo ID was no longer functional. Not only can I not log into my account, but I can't recover my password. The person who I got the message from had an identical problem.

Has anyone else experienced this? If so, any word from Yahoo?
Posted by ashikiar (1 comment )
Yahoo IM Virus
I am also having this exact problem. I can't get into my email account. Yahoo will not even look at it without me sending a copy of my photo ID and all of my personal information of my account. That sounds extremely fishy. But I haven't been able to locate any cure for this system of the down.
Posted by (1 comment )
Yahoo IM virus
I just received this virus - do I need to do anything besides change my Yahoo password?
Posted by inatene (1 comment )
Same Problem - Yahoo IM virus
I have exactly the same problem. I can't log in to my account any more. I also remember facing the similar offline message in the Yahoo messenger. The worst part is that when I contacted the Yahoo Customer Service, I couldn't request a new password since I don't remember the information that I entered while making the account years back. Hence am stuck. Please let me know if there is a way out.
Posted by myidty10 (2 comments )
I keep getting a Yahoo IM from someone I do not know. It pops up every time I go into Yahoo Mail. I did not open it. I just 'X' out. How do I get this from stopping?
Posted by 1956cnet (2 comments )