Log in

No account? Create an account
Cross-Platform AIM virus attack? - One person's lack of compassion does not equal another's comfort.
One person's lack of comprehension does not equal another's consent.
Cross-Platform AIM virus attack?
[Update: (Noon 3/8/05) Symantec later reported: "W32.Serflog.B is a worm that spreads through file-sharing networks and MSN Messenger. The worm also lowers security settings. The worm arrives via an MSN Messenger window with a blank message."]

[Update: Symantec's website, http://www.symantec.com, reports of a worm that spreads through MSN and releases a worm. It is possible that someone recently modified this to be much more malicious. The names of the last two variants dated 03/07/05 are "W32.Kelvir.C" and "W32.Kelvir.D". If you are curious please go to that link and read about them under "latest threats".]

My original post (and first update) behind cut.
That's not something I would believe either, but I got a phone call from a friend who this happened to TONIGHT (March 7, 2005) between 10-11pm. Apparently her mom was using AIM (either the AIM client or it might have been AOL proper in AIM mode, not sure) when her mom's AIM buddy suddenly offlined. She then turned the computer back over to my friend and then the computer froze, after which it would not reboot.

Soon after it was discovered that the "AIM buddy" who offlined also could not reboot his computer only that one was a PC. I checked just to be sure and this was private IM conversation not some AOL chat or conference mode, no others were involved in the conversation. Now stranded for internet access, my friend naturally called her friends and one of them had the same experience at about the same time, but was savvy enough to manage to be able to access the hard disk (either with other boot media or by reading the stricken hard disk in another machine), and discovered that a lot of files were missing including personal data.

To me this sure sounds like a malicious virus, but the timing of it certainly suggest that it either came in via AIM or was triggered by its use. At this time I don't know enough to say for certain whether this applies to all AIM users or more specifically those use AOL as their ISP or just people running the AIM client. I do feel that my source is "credible" and therefore I must advise those reading to try not using AIM for a few days, just to be on the safe side. At least you have LJ to keep in touch wiht and maybe this would be a good time to try Yahoo IM. You can find me on Yahoo IM as "gyropyge" if you sign up.

[update: A fearless (or foolhardy) friend of mine logged into AIM briefly apparently unscathed, however he was using some sort of firewall or security software which was monitoring or blocking actual AIM messages so we cannot really tell for certain from this one test if simply logging in is the problem or if you must actually be involved in IM chat in order for damage to occur]
1 Rubber Ducky or Leave a Rubber Ducky
From: childthief_liar Date: March 9th, 2005 05:47 pm (UTC) (Link)
i'm on aim right now. hahha. i am so damn brave.
i'm on the library computer, so, um, yeah. haha. let the get the virus or shit that i got. on second thought, don't because that kindda sucks.

i just got here and i haven't checked my mail yet [i think it's sad when the first thing i do before mail or anything is sign on to livejouranl and myspace], but thanks again for the stuff that you sent me.
right after i'm done here with my mom we are going to go to compusa and look for a new computer.

oh, and to those fuckers who killed my computer -
i don't know whether to say thanks or f&*k you @$$holes. grrrrrrrrrrr.
haha ok i had to say it funny like that.
of course i'm saying fuck you assholes. grrrr. if anyone fucks with my computer ever again i may just have to kill the silly bastard.
1 Rubber Ducky or Leave a Rubber Ducky