Msg.ID: 26764 From: Cbs228 About: Re: OT: Virus Alert ATTN Alexio At: 2004-07-15 17:41:19
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jul 15, 2004, at 8:06 AM, Steel Magnolia wrote:
> Any more on this?
I have talked with Alexio and confirmed that he personally did not send the message. He has also reported being kicked off of icq because another client had logged on with the same icq number (icq does not allow "multiple presence"). As such I have reason to believe that Alexio's computer (or one of the computers he has used) has been infected with a virus that has an icq client built into it. The virus must have scanned his hard drive and found his icq login name and password (or intercepted the password with a tcp sniffer or keylogger attack). The virus then used his icq number and (possibly) his contact list in an attempt to spread itself by mass-messaging people with a hardcoded link to the virus file. I have never seen anything quite like this before, but the M.O. is very similar to traditional email viruses. Traditional email viruses will use your email contact lists and their own SMTP engine (or, worse, your ISP's email servers) to relay infected emails with spoofed From addresses to all your contacts. The icq virus works similarly, but (due to service restrictions) cannot spoof the From address (so you know who sent it).
BE WARNED, since we have seen a virus in the wild, icq files and links thereto should be treated with the same suspicion as regular emails. Request confirmation before downloading an attachment (since icq mass-mail 'bots can't have an intelligent conversation with you), and do not download attachments of type .exe, .pif, .vbs, or .bat. Also be on the lookout for Office files with macro viruses.
PREVENTION: I do not know how the virus intercepts your email password, but I am making an educated guess that it reads it from your icq preferences file. If this is the case, not storing your icq password for automatic login will foil the virus. Also be on the lookout for spontaneous disconnections "because another client has logged on with the same icq number" (or something to that effect).
Colin Stagner
The Fugitives From Fate
Permacorp!
http://cbs228.home.mindspring.com/Fugitives/
chown -R :us ~you/base/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFA9vnHyNXfO5OesjARAnIFAKDoZaxjqwE+26OF2Jwj+eC8l+p8IACgp3Tg
8TiqATsSoe8YWr5BY7dfn/U
=s4eY
-----END PGP SIGNATURE-----
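The message above describes two things a defender can check for mechanically: links to the attachment types the author says not to download (.exe, .pif, .vbs, .bat, plus macro-capable Office files), and the mass-messaging pattern of one account sending the same hardcoded link to many contacts. The following is an added example written for this archive page, not code from the original post or from any ICQ client; the sender number, recipient names, URLs and message texts are constructed sample data, and the `min_recipients` threshold is an assumed tuning value.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Attachment types the list message says never to download.
BLOCKED_EXTENSIONS = {"exe", "pif", "vbs", "bat"}
# Legacy Office formats that can carry macros ("Office files with macro viruses").
MACRO_EXTENSIONS = {"doc", "dot", "xls", "xla", "ppt", "pps"}

# Matches http/https/ftp links inside free-form IM text.
URL_RE = re.compile(r"(?:https?|ftp)://[^\s<>\"']+", re.IGNORECASE)


def extract_links(text):
    """Return the links in a message, with trailing sentence punctuation removed."""
    return [url.rstrip(".,;:!?)") for url in URL_RE.findall(text)]


def link_extension(url):
    """Lower-cased extension of the file a link points at, or '' if there is none."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[-1].lower()


def classify_message(text):
    """Classify one incoming IM by the files it links to.

    Returns (verdict, links) where verdict is:
      'block'   - links to an executable type from the blocklist
      'confirm' - links to a macro-capable Office file; ask the sender first
      'ok'      - no risky file types linked
    """
    links = extract_links(text)
    verdict = "ok"
    for url in links:
        ext = link_extension(url)
        if ext in BLOCKED_EXTENSIONS:
            return "block", links
        if ext in MACRO_EXTENSIONS:
            verdict = "confirm"
    return verdict, links


def find_mass_mailers(messages, min_recipients=3):
    """Flag (sender, url) pairs sent to at least min_recipients distinct people.

    messages is an iterable of (sender, recipient, text) tuples, e.g. from a
    client's message history. A worm pushing one hardcoded link to the whole
    contact list produces exactly this fan-out; a human rarely does.
    """
    fanout = defaultdict(set)  # (sender, url) -> set of recipients
    for sender, recipient, text in messages:
        for url in extract_links(text):
            fanout[(sender, url.lower())].add(recipient)
    return {key: sorted(rcpts) for key, rcpts in fanout.items()
            if len(rcpts) >= min_recipients}


# Constructed sample history: "12345678" is a placeholder ICQ number, not a real one.
SAMPLE_MESSAGES = [
    ("12345678", "alice", "hey look at this pic http://example.com/pic.exe"),
    ("12345678", "bob", "hey look at this pic http://example.com/pic.exe"),
    ("12345678", "carol", "hey look at this pic http://example.com/pic.exe!"),
    ("87654321", "alice", "band photos are up at http://example.com/photos.html"),
    ("87654321", "bob", "setlist draft: http://example.com/setlist.doc"),
]


if __name__ == "__main__":
    for sender, recipient, text in SAMPLE_MESSAGES:
        verdict, links = classify_message(text)
        print(f"{sender} -> {recipient}: {verdict} {links}")
    for (sender, url), recipients in find_mass_mailers(SAMPLE_MESSAGES).items():
        print(f"mass-messaging suspected: {sender} sent {url} to {recipients}")
```

The per-message check is what a client-side filter would apply to each incoming link; the fan-out check is what the sender's own side (or an admin with message logs) would use to notice that an account has started behaving like the worm described in the post, which is the cue to change the password and stop storing it for automatic login.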