For the first time, a type of worm has emerged that automatically chats with users through instant messaging programs, luring them to click on a malicious link to attack the victim’s computer. Fortunately, this worm has only targeted AOL’s instant messaging service so far.
According to a recent warning from security firm IMlogic, the worm known as IM.Myspace04.AIM will automatically jump into your chat window using the username “lol cool“, along with a link to download a file named “Clarissa17.pif”. When users innocently respond, perhaps asking “What’s this?” or “Is it a virus?“, the worm cleverly replies, “Oh no, how could it be a virus?”
Without a second thought and completely unaware, users click on the link. Immediately, this malicious file infiltrates the system, disables security software, installs a backdoor program, and alters system files. Not stopping there, it begins to attack all the usernames present in the victim’s chat list, using the same tactics and tricks.
All these actions are programmed to occur silently. The messages sent by the worm go unnoticed by the victims, preventing them from warning their friends.
“This is the first case“, stated Andrew Burton, product management director at IMlogic. This type of worm does not spread widely, but it seems like an experiment by hackers, a kind of “sharpening the knife” before going into battle. “In the near future, we will certainly witness more ‘test runs’, followed by an outbreak of attacks like this.”
At the same time, another worm is spreading on the Internet through a more traditional route: masquerading as a Christmas card. Named Aimdes.E, this worm also targets AOL’s instant messaging users. It tricks users into opening a link labeled “Christmas Greeting Card“, and once activated, this worm will automatically install itself into the system, open a backdoor on the computer, and spread to the remaining contacts in the chat list.
The advice given is to exercise extreme caution with any links sent to you. If (it seems like) it was sent by a friend, you should verify by directly asking that friend before opening it.
Thiên Ý
