Computer Crime Research Center


Phishing targets Instant Messangers: AIM, Yahoo IM

Date: May 27, 2005
By: Scarlet Pruitt

Users of instant messaging applications from Yahoo Inc. and America Online Inc. are being warned this week of two new threats spreading via instant messaging.

The first is a worm targeting AOL's Instant Messenger software that could potentially allow an attacker to gain control of a user's system, according to security researchers. The other is a phishing scam propagated through Yahoo Messenger, which tries to lure users into revealing their Yahoo credentials.

The AOL worm sends the message "hehe i found this funny movie," encouraging users to click on a hyperlink that downloads malicious code to the user's desktop, according to an advisory released Monday by IMLogic Inc. From there, the worm connects to a public Internet Relay Chat server and continues to spread through AIM messages, researchers at security company NetSec said.

While IMLogic rated the AIM worm as a "medium threat," a NetSec advisory warned that given the sophistication of these worms, "it is a reasonable assumption that near-full system control may be possible."

The worm was not detectable by major antivirus products as of 2 a.m. GMT, said NetSec security research coordinator Tom Parker. Around that time, Parker said, a maximum of 15,000 PCs might have been affected.

However, by midday GMT the worm appeared to have slowed and there were few reports of it still in the wild, according to Mikko Hypp�nen, director of antivirus research at F-Secure Corp. Most major antivirus companies have already updated their products to deal with the threat, Hypp�nen said.

What's interesting about the worm is that it is topical and appears to be timed with the hype around the release of the movie Star Wars Episode III: Revenge of the Sith, Hypp�nen said.

A Sober worm variant circulating earlier this month was also topical, apparently coinciding with ceremonies marking the 60th anniversary of the end of World War II in Europe. It sent e-mail carrying right-wing nationalist messages in German.

"It's an old technique but it gets people to open them," Hypp�nen said.

AIM users are advised not to click on hyperlinks sent from unknown users and to make sure they have a firewall in place and get the latest security updates for when a fix is available.

The Yahoo Messenger scam is one of a growing number of so-called phishing attacks -- a kind of online fraud in which users are directed to fake Web sites designed to look like authentic sites and are then asked to reveal sensitive information such as credit card numbers and passwords.

In the Yahoo scam, users are sent the URL, which leads them to the phony Web site. The URL appears to be targeted at gaming enthusiasts and is rated by IMLogic as a "medium risk" threat.

Yahoo users are being warned to look out for the threat, and administrators are advised to use content filtering to guard against the scam and to download the latest antivirus updates.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2006-08-26 10:12:41 - Oh my gosh! I go on AIM everyday! OH my... Steven
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo