Another IM Virus?


Today I got a PM from a friend on my Yahoo! Messenger buddy list with a link to an image. Since it was only an image and that too from a friend, I clicked the link and was taken to an error page. This was the PM -

Do you realize who is in this image: http://thecoolpics.net/who.jpg . Just think for a moment and tell me soon

About half an hour later I got another PM from him saying -

hey. i m in a cyber cafe. this machine is loaded wid viruses. so a bad picture has been sent to every1 on my frenz list! my due apologies.

This is the second IM Virus I came across this month :(

Two hours later I got many more of these PMs from different friends. These were some of those PMs -

Images shot in Iraq _ The war will never end http://thecoolpics.net/Iraqwar.jpg

My pics http://thecoolpics.net/mypics.jpg

Screenshot of new windows version _ Windows Vista http://thecoolpics.net/vista.jpg so cool :D

who is beside you in this pic http://thecoolpics.net/friendpic1.jpg so good-looking

never click into the links like something in this image http://thecoolpics.net/dontclick.jpg :-S !!!

Did you notice that all these PMs have a common URL - http://thecoolpics.net ? I have not got these PMs before, so I am guessing that this is a new IM virus.

Actually I am not sure if this is a virus because it has the extension jpg. Anyway, don’t click the link if you get a similar PM.

Is this a virus? Have you got similar PMs?
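
The `.jpg` at the end of a link is only part of the URL; the server decides what it actually sends back. As an added example (not from the original post; the sample responses and the host `example.invalid` are constructed), this Python check compares a response with what a real JPEG would look like:

```python
from urllib.parse import urlparse

JPEG_MAGIC = b"\xff\xd8\xff"  # a JPEG file always starts with these three bytes

def jpeg_mismatches(status, headers, body):
    """Return the reasons a response is not the JPEG its URL extension promised."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    if 300 <= status < 400:
        # The link hands the browser on to another URL; judge where it points.
        target = hdrs.get("location", "")
        if not urlparse(target).path.lower().endswith((".jpg", ".jpeg")):
            findings.append("redirect to non-image URL " + target)
        return findings
    if status != 200:
        findings.append("status %d, body is an error document" % status)
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "image/jpeg":
        findings.append("Content-Type %s" % (ctype or "missing"))
    if not body.startswith(JPEG_MAGIC):
        findings.append("body lacks JPEG magic bytes")
    return findings

# Constructed sample responses, all for a URL ending in .jpg.
HTML = b"<html><body>not an image</body></html>"
SAMPLES = {
    "real image": (200, {"Content-Type": "image/jpeg"},
                   JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00"),
    "script behind .jpg": (200, {"Content-Type": "text/html; charset=utf-8"}, HTML),
    "custom 404 page": (404, {"Content-Type": "text/html"}, HTML),
    "redirect": (302, {"Location": "http://example.invalid/view.php?id=1"}, b""),
}

def triage(samples):
    """Run the check over every sample and collect the findings per name."""
    return {name: jpeg_mismatches(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(name, "->", findings or "looks like a JPEG")
```

A response that passes these checks is still only as safe as the image decoder that opens it.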


16 responses so far,

  1. 1

    Ashok

    November 19, 2006 at 8:35 pm

    Jpg extensions are probably harmless. Maybe there must be popup or popunder which are harmful.

  2. 2

    Quix0r

    November 19, 2006 at 9:03 pm

    You can very easily write a mod_rewrite rule to redirect requests of the image to a php/perl-script. Don’t think that URLs with “pictures” are completely harmless. They can exploit your browser.

  3. 3

    Ashok

    November 19, 2006 at 9:10 pm

    Yes, it is possible; it never struck my mind. Moreover, we can run a perl or php script with a jpg extension by a slight modification in .htaccess

  4. 4

    Quix0r

    November 19, 2006 at 9:13 pm

    Yupp. Also possible:
    ErrorDocument 404 /some-bad-script.php

  5. 5

    Quix0r

    November 19, 2006 at 9:14 pm

    Add this to your /etc/hosts (or matching file in Windows) to block access attempts:

    127.0.0.1 fansign.streamray.com
    127.0.0.1 ads.adbrite.com
    127.0.0.1 trafficcleaner.com
    127.0.0.1 click.absoluteagency.com
    127.0.0.1 nsl-school.org
    127.0.0.1 mytermex.com
    127.0.0.1 thecoolpics.net

    :)

  6. 6

    Quix0r

    November 19, 2006 at 9:17 pm

    Oops, sorry for that link! Please remove it. :)

  7. 7

    carol

    November 20, 2006 at 12:08 am

    That’s why i don’t click on the links from messengers and … that’s why i don’t really use messengers.

  8. 8

    Robert

    November 20, 2006 at 3:10 am

    My mates are always getting these in msn, I just don’t click till I asked them what it is =D

  9. 9

    JohnTP

    November 20, 2006 at 7:53 am

    Quix0r- Thanks for the info

    Carol- You don’t use messengers?

    Robert- I have not got these PMs on MSN as I don’t use it.

  10. 10

    Vivek

    November 20, 2006 at 2:41 pm

  11. 11

    Andrew Grant

    November 21, 2006 at 7:20 am

    IM viruses seem to be getting more and more popular :(

  12. 12

    Quix0r

    November 21, 2006 at 4:19 pm

    You all may want to change your privacy settings:

    - Disable online-indicator on webpages
    - Accept only messages from persons from your online list
    - Authorization requests are required (and read them twice) to send you messages.

    I don’t know but I haven’t received any IM virus since I changed my settings. :)

  13. 13

    john lloyd

    November 25, 2006 at 12:51 pm

    Got mine removed with this procedure:
    http://www.precisesecurity.com.....-nov38.htm

  14. 14

    Aditya Joshi

    November 27, 2006 at 7:02 am

    I am formatting my computer to recover :(
    There’s no better way.

  15. 15

    Quix0r

    November 27, 2006 at 8:30 am

    : Do you have some adblocking software or a hosts file to re-route ads - which are consuming bandwidth too - to your local machine like I demonstrated above?

    Please contact me on my blog so I can send you a compressed version of my hosts file to you. :) You surely need to be “local administrator” to decompress it and add (!) it to your existing file.

    Or switch over to Linux and try to convince someone at university to download and burn ISO-Images for you. :) Less trouble with viruses so far… ;)

  16. 16

    Utah SEO Blog

    December 1, 2006 at 3:19 am

    We recently got hit by this in our office here. Luckily myself and a number of others have switched to gaim instant messenger which isn’t vulnerable to passing it on. Yes, the machine is still vulnerable if it gets hit but it shouldn’t pass on.

    I would suggest switching to gaim or Linux over all. I have :)
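
Comments 5 and 15 suggest adding blocking entries to an existing hosts file. As an added example (not the commenters' code; the sample hosts text is constructed and the domains are taken from comment 5), this Python code merges entries without duplicating or overriding existing lines, and shows that a hosts entry only covers the exact name listed:

```python
SINKS = {"127.0.0.1", "0.0.0.0"}  # addresses treated here as "blocked"
BLOCK = ["thecoolpics.net", "trafficcleaner.com", "ads.adbrite.com"]  # from comment 5

def parse_hosts(text):
    """Map each hostname in hosts-file text to its address (first entry is kept)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:                 # one line may carry several names
            table.setdefault(name.lower(), fields[0])
    return table

def merge_blocklist(text, domains, sink="127.0.0.1"):
    """Append sink entries for domains with no entry yet; existing lines stay untouched."""
    known = parse_hosts(text)
    added = []
    for d in (d.strip().lower() for d in domains):
        if d and d not in known:
            known[d] = sink
            added.append(f"{sink} {d}")
    if not added:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "\n".join(added) + "\n"

def is_sinkholed(text, hostname):
    """True only on an exact name match: hosts files have no wildcard or subdomain matching."""
    return parse_hosts(text).get(hostname.lower()) in SINKS

# Constructed sample of an existing hosts file.
EXISTING = (
    "127.0.0.1 localhost\n"
    "# constructed sample\n"
    "127.0.0.1 ads.adbrite.com  # already present\n"
)

if __name__ == "__main__":
    merged = merge_blocklist(EXISTING, BLOCK)
    print(merged, end="")
    print("thecoolpics.net blocked:", is_sinkholed(merged, "thecoolpics.net"))
    print("www.thecoolpics.net blocked:", is_sinkholed(merged, "www.thecoolpics.net"))
```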



    Copyright ©2005-2008 JohnTP, All rights reserved.