AIM Spreading

If you are using AIM or similar instant messaging tools, you have presumably already seen messages similar to the following:

"which is better for my Myspace backround? http://www.myspace.com/Backgrounds/AllUsers/myspace-background-11.gif or http://www.myspace.com/Backgrounds/AllUsers/myspace-background-162.gif?"

"ooooooo. I bet Cingular isnt happy. http://www.cingular.com/phoneactivations/newphones/loadingringtones.usa.gs is stuck on the ringtones page haha. Supposed to be for "New Phone Activations". I tried it, got my 10. Wallpapers too. hurry b4 its fixed."

"which is a cooler buddy icon for me? http://www.buddyicons.com/humor/humor-icon-112.gif or http://www.buddyicon.com/action/moviestar-icon-11.gif?"

"hey is it ok with you if I upload this picture to my online albums? http://www.eblogs.com/user204/photos/picture36.jpg"


These are typical bots spreading with the help of AIM: the infected machines send AIM messages to other people and try, via social engineering or other tricks, to convince the victim to click on the link. The link actually points to a malware binary, and thus the innocent user is infected...
Fortunately, this kind of attack can be stopped rather easily since AIM can filter the messages centrally. Polymorphism (e.g., changing the text each time or making slight changes to the URL), on the other hand, could make filtering harder...
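A sketch of what such central filtering could look like, as an added example that is not code from AIM or from the original post: messages are reduced to a template (URLs and digits masked), and a template is blocked once several distinct accounts have sent it. The `CentralFilter` class, the threshold of 3 and the `.example` sample messages are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def skeleton(msg):
    """Reduce a message to its template: mask URLs and digits, fold case and whitespace."""
    text = URL_RE.sub("<URL>", msg)
    text = re.sub(r"\d+", "#", text)
    return re.sub(r"\s+", " ", text).strip().lower()

def fingerprint(msg):
    return hashlib.sha256(skeleton(msg).encode("utf-8")).hexdigest()

class CentralFilter:
    """Hypothetical server-side filter: block a template seen from many distinct senders."""
    def __init__(self, threshold=3):
        self.threshold = threshold
        self.senders = defaultdict(set)  # fingerprint -> accounts that sent it

    def observe(self, sender, msg):
        """Record one message; return True if it should be blocked."""
        if not URL_RE.search(msg):
            return False  # only link-carrying messages are of interest here
        seen = self.senders[fingerprint(msg)]
        seen.add(sender)
        return len(seen) >= self.threshold

# Constructed samples: same lure text, URLs varied slightly per message.
SAMPLES = [
    ("user_a", "which is a cooler buddy icon for me? http://icons.example/humor-icon-112.gif or http://icons.example/moviestar-icon-11.gif?"),
    ("user_b", "which is a cooler buddy icon for me? http://icons.example/humor-icon-7.gif or http://icons.example/moviestar-icon-93.gif?"),
    ("user_c", "Which is a cooler buddy icon for me?  http://pics.example/a-icon-5.gif or http://pics.example/b-icon-6.gif?"),
]
# Constructed sample: the text itself is changed (polymorphism).
REWORDED = ("user_d", "help me pick a buddy icon: http://icons.example/humor-icon-112.gif vs http://icons.example/moviestar-icon-11.gif")

def run_demo():
    f = CentralFilter(threshold=3)
    return [f.observe(sender, msg) for sender, msg in SAMPLES + [REWORDED]]

if __name__ == "__main__":
    print(run_demo())
```

Masking URLs and digits absorbs the slight URL changes, but the reworded message produces a different fingerprint and passes, which is the polymorphism problem described above.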
