IM Worms "Epidemic" on MSN Messenger

Russian anti-virus and security vendor Kaspersky wrote Friday about an increase in spyware attacks on MSN Messenger users, an attack that succeeds in part due to a flaw in Microsoft's approach to blocking transfers of certain types of malicious files.

Last week, two out of three of the most active worms spread over MSN's instant messenger program, according to Kaspersky Labs. Microsoft at some point configured its Messenger network to block transfers of files ending in ".pif," responding to a rash of viruses, worms and trojans that disguised themselves as .pif images. By doing so, Microsoft sought to halt the progress of IM worms that spread rapidly to each of a victim's contacts after the recipient clicks on an exploit-laced Web link.

So why was Kaspersky saying new infections from the two MSN IM worms were "peaking above the radar to an extent you can probably call epidemic levels"? According to Kaspersky, both MSN worms that surfaced this week had devised an inscrutable guise for their exploits -- they came masked as ".PIF" files.

From Kaspersky's blog:

Both worms spread using links to .PIF files. But some of you might remember that Microsoft blocked messages containing ".pif"?

Yes they have, but... the MS block is case sensitive!

So the criminals used capital letters, ".PIF" and the network filters let the message flow right through. Other variations like .Pif, .pIf, and so on also work.

Looks like most MSN IM users will not have the protection afforded by Microsoft's filters, although Microsoft has been notified of the shortcoming and may address the problem. As always, no matter what instant message or e-mail software you use, think thrice about whether you really need to click on any link sent to you via IM or e-mail. When in doubt, message the sender and ask whether they meant for you to click on the link, and ask where the link might take you.

By Brian Krebs  |  September 25, 2006; 8:26 AM ET
Categories:  Latest Warnings  
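The flaw Kaspersky describes, a block that matches ".pif" only in lower case, is shown here beside a filter that folds case before comparing. This is an added example, not code from Microsoft, Kaspersky or the original post. Microsoft's real filter is not public, so `naive_filter_blocks` only models the behaviour described above; the function names, the URL pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Blocklist taken from the article: ".pif" is the only extension it names.
BLOCKED_EXTENSIONS = {".pif"}
# Loose link matcher for chat text (an assumption; real clients differ).
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def naive_filter_blocks(message: str) -> bool:
    """Models the flaw as described: a case-sensitive match on '.pif'."""
    return ".pif" in message


def extension_of(url: str) -> str:
    """Return the extension of the URL path's last segment, case-folded."""
    path = urlsplit(url).path  # drops ?query and #fragment
    # Strip sentence punctuation that the loose matcher may have swallowed.
    filename = path.rsplit("/", 1)[-1].rstrip(".,;:!?)")
    dot = filename.rfind(".")
    return filename[dot:].casefold() if dot != -1 else ""


def hardened_filter_blocks(message: str) -> bool:
    """Block if any linked file's extension is on the list, in any case."""
    return any(extension_of(url) in BLOCKED_EXTENSIONS
               for url in URL_RE.findall(message))


# Constructed sample messages (example.test is a reserved test domain).
SAMPLES = [
    "look at this http://example.test/photo.pif",
    "look at this http://example.test/photo.PIF",
    "look at this http://example.test/photo.Pif",
    "look at this http://example.test/photo.pIf?id=7",
    "meeting notes: http://example.test/notes.txt",
]


def compare(samples=SAMPLES):
    """Return (message, naive_verdict, hardened_verdict) for each sample."""
    return [(m, naive_filter_blocks(m), hardened_filter_blocks(m))
            for m in samples]


if __name__ == "__main__":
    for msg, naive, hardened in compare():
        print(f"naive={naive!s:5} hardened={hardened!s:5} {msg}")
```

The general rule is to normalize the value once and compare only the normalized form, so every spelling of the extension reaches the same blocklist entry.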

Comments

This article leaves me in high anxiety mode. I am tired of supporting an OS that basically requires me to consider reinstalling it from scratch every 2-3 months or so. Sure I take adequate steps to protect myself with anti-everything software, but I still feel like there are too many hidden and undiscovered virus related "everythings" that are out to get me. If you use your PC in a free manner, you will be hit. It's not a question of if, rather a question of when and by what hidden awful thing.

I feel like running for the hills and getting a Mac. Sure I'll pay more in hardware costs, have to purchase a new OS version about every year, and also be satisfied with the very few versions of software that you can run on Mac, but at least I will be safe... for a while! (Longest run-on sentence ever!)

Posted by: Switch to Mac? | September 25, 2006 9:37 AM | Report abuse

Wow, that's pretty pitiful considering Windows is generally NOT case sensitive with file names.

Posted by: William | September 25, 2006 9:58 AM | Report abuse

"According to Kaspersky, both MSN worms that surfaced this week had devised an inscrutable guise for their exploits -- they came masked as ".PIF" files."

This is just plain dumb with regard to Microsoft's failure to anticipate this. And to think Microsoft is our first line of defense against the bad guys. No wonder we're so long suffering.

Posted by: J. Cameron | September 25, 2006 10:12 AM | Report abuse

Piffle.

Posted by: Pete from Arlington | September 25, 2006 10:32 AM | Report abuse

"Reinstall from scratch every 2 or 3 months"?
Wow, if you have the right security programs, reinstalling should be very rare. I've had my current computer for at least 2 years and haven't even had to think about reinstalling.

Posted by: Anonymous | September 25, 2006 11:54 AM | Report abuse

Dear Switch to Mac?
That's the best thing to do. Macs cost more but their cost of ownership is lower in the long run and it keeps a resale price higher and longer.
I've been using Macs for more than 20 years with only minor problems. Time is money too. Look at any "How to install" guide. Most often there are about 10 lines of instructions on Windows for 1 on Mac.
Save time and money, buy a Mac next time.
Nick

Posted by: Nicolas Daum | September 25, 2006 12:43 PM | Report abuse

Why not try a linux distro that will probably run on your existing hardware before spending more money on a Mac? linuxhardware dot org can help with compatible hardware. Also try distrowatch dot com.

Posted by: eb | September 25, 2006 1:02 PM | Report abuse

As to Mac vs. PC cost: "... Macs and comparably-equipped, brand-name Windows PCs tend to be roughly comparable on price these days. That old notion that you have to pay up to use a Mac often isn't the case any more." Check out http://www.macworld.com/2006/08/features/macproprice/index.php

Posted by: mad48 | September 25, 2006 2:23 PM | Report abuse

I have moved to Ubuntu Linux for improved security - real cool to Ubuntu and agree with Eb try dual bootup for a while and then decide - Gaim!

Posted by: Tim | September 25, 2006 2:45 PM | Report abuse

Looks like Microsoft programmers should go back to Programming 101. What a stupid basic mistake!

Posted by: Dot | September 25, 2006 3:52 PM | Report abuse

re: run for the hills to Mac.... change over to Linux...
The era of the level playing field is here---NOW
Macs 'premium' cost and the 'free' Linux are myths
Recent efforts at competitive costing indicate the variances as 'chump change' for application similar systems. Market differentiation will be software architectural superiority, and REAL SYSTEM AVAILABILITY. PCs and low end servers are commodities driven by buyer PERCEPTION.

Posted by: joel kruissink | September 25, 2006 6:41 PM | Report abuse

Brian,

Your "if in doubt" advice should be standard practice. If you receive a link or attachment from a user, send THEM a message asking about the link. If they didn't send it, the worm that did will likely not be able to interact with you and will give itself away.

Posted by: Matthew Murphy | September 25, 2006 8:11 PM | Report abuse

>>IM Worms "Epidemic" on MSN Messenger

Why?

http://www.mess.be/msnmessenger75.htm
> In the Security options you can now choose to disable hyperlinks in conversations (a protection against IM worms)

Posted by: Mark Odell | September 27, 2006 6:17 PM | Report abuse

In the C language, tolower() and toupper() have been there forever, and they have been preserved in most modern computer languages in one form or another. Microsoft could use them so that no matter how you write .pIF, it becomes either .pif or .PIF and is blocked accordingly. I favor lower case because I get tired of being shouted at. Actually, if Microsoft had made their OS case sensitive (OpenVMS is also not case-sensitive), perhaps the problem wouldn't exist. They could also ignore the extension entirely and "sniff" the first 6 bytes of the file to determine what it was. If you did that, it wouldn't matter what the extension name was. That is what Unix / Linux / Mac systems do. Those systems are also case-sensitive. The only way for Microsoft to do this properly is to have several full time people working over-time (and paid handsomely to do it) to find a way through any blocks like this. I am volunteering my services, Microsoft. Don't ask me to write even a pseudo virus though - I won't do it! It is too easy for the pseudo to become the real thing.

Sorry, mad48, but you are comparing Apples to oranges, er, Dells. Any optional extra can jack up costs considerably. Dell had substantially more extras than Apple had. You obtain substantial savings by purchasing in bulk. It worked in Model-T days and it works now. Further, it isn't just the initial cost. The total cost of ownership includes the time you pay staff to keep the machines running, and that is frequently higher than the purchase price of the machine. But the clincher is if you absolutely must have one app and that app runs only on one platform. What are you going to do? You are going to have that platform.

Posted by: hhhobbit | September 29, 2006 4:55 AM | Report abuse

No ... DON'T get a Mac. They're as archaic as their users. All you're going to do is crash differently. The reason that they aren't attacked by hackers as much is because no one can stand them except a few people who can't handle PCs. If you want a change of scenery, go with Linux. Avoid the overpriced Mac. It'll be a happier world when both of the has-beens - Macs and AOL are computer memories...

Posted by: Mac? | October 3, 2006 10:12 PM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company