Microsoft Responds to Latest IM Worm


On the heels of the newest instant messaging worm -- and the latest example of the potential security problems associated with public IM -- Microsoft is cautioning users to take precautions to limit the spread of such threats in the future.

The recently discovered Jitux.A virus uses an infected system to send hyperlinks to MSN Messenger contacts. When a contact clicks on a link, the resulting Web page downloads an .EXE file that infects their PC with the worm. Once installed, the worm becomes resident in memory and sends infected messages every five minutes.

Microsoft said it launched an investigation immediately after receiving word of the worm last week, and that the threat now posed to users is minimal -- mainly because the infected Web page has been taken down.

"At this time, the site hosting the executable code has been disabled and is not currently a threat to customers," a Microsoft spokesperson said. "We have worked with our anti-virus partners and members of the Virus Industry Alliance [a Microsoft partnership that works in concert with anti-virus players like Network Associates and Trend Micro] to provide customers which might have downloaded the code with identification and removal instructions."

Anti-virus company Panda Software had first warned about the worm early last week. Panda, which categorized the software with a "high" threat level, cautioned users to update their anti-virus software and also issued a free patching tool on its Web site.

Microsoft reiterated that the worm didn't leverage an exploit in Messenger; instead, the Redmond, Wash.-based software giant confirmed that it spread only when users clicked on a link they received.

"The reported problem resulted from a user running a malicious executable, which was being downloaded from an individual site," the spokesperson said. "The executable itself does not appear to take advantage of a vulnerability in Microsoft software. The program, when executed, sets up its own MSN Messenger profile and then sends itself to everyone on the contacts list. This would require an end-user to click on a link to download the code, and then manually execute the code on their system."

Microsoft said MSN Messenger users should avoid opening any files they receive unless they're certain of the contents. It also encouraged users to run anti-virus software that scans incoming IM files, and provided instructions on the messenger.msn.com site.

The new virus is only the latest in a series of recent reports of IM-related security threats.

Last month, Yahoo! released a patch to fix a potential vulnerability in an ActiveX component associated with its Yahoo! Messenger client. In October, an earlier MSN Messenger worm, dubbed "Smbmsn," hit the scene. As with the newer worm, Smbmsn propagated when IM users accepted transferred files.

Also last year, the security community learned about the existence of the Menger/Coolnow worm, which leveraged a security vulnerability in Internet Explorer to, among other things, gain control of a user's MSN Messenger client. Once it had done so, it sent out links to infected Web pages to the contacts. Microsoft responded to the worm by releasing patches.

Not surprisingly, this activity represents a growing trend. In fall, PC security giant Symantec released findings that public IM viruses and worms were swelling in number. In its latest Internet Security Threat Report, the firm found that of the top 50 virus threats during the first six months of the year, IM and peer-to-peer technology played a role in 19 -- a 400 percent increase from the previous year.

The trend is due in part to viruses that have begun using instant messaging as a supplement to other channels of infection, like e-mail. That's been the case in so-called "blended attacks" used by the Fizzer worm and others.

The threat

Aside from crashing vulnerable systems, worms that spread through IM software also can enable systems to fall under remote control by hackers -- as in the example of the Fizzer and AIM-Canbot worms.

Viruses and the danger of hackers aren't the only threats of which enterprises should be aware when it comes to unregulated use of consumer instant messaging. Most public IM traverses the Internet in an unencrypted format -- meaning that conversations are prone to being read or manipulated by unauthorized intermediate parties.

Meanwhile, IT staffs have long overlooked the potential for danger from public IM, in large part because most instant messaging clients can be installed and run through the corporate firewall without administrators' knowledge.

For instance, most public instant messaging clients attempt to connect to their networks' central servers or to other users through a variety of ports -- some of which may not be blocked by corporate security measures.

That threat in recent years has given rise to corporate IM solutions, which block, manage, secure and log use of the public IM networks, or which deploy behind-the-firewall, server-based solutions.
