The newest AOL Instant Messenger (AIM) worm, discovered today, causes targeted AIM users to receive a message, ostensibly from a buddy, that says “LOL, LOOK AT HIM,” and contains a link to a file called “picture.pif.” This worm is considered to be a variation of the Opanki worm.
However, that file is not a picture of “him” or anyone else. It is the file to unleash the worm on to the user’s system. Once unleashed, the worm replicates itself, sending itself to all of the user’s own AIM buddies.
It is not known yet whether this new “LOL look at him worm” also installs a backdoor on to compromised systems…
Second time a worm is spotted by AIM, and yet AOL isn’t doing anything about it. I don’t hear many problems from MSN and YIM. But AIM is always on a roll for these things.
The name of the file “picture.pif” (I have understood: this is not an image file) makes me remember an old discussion (I don’t remember how, when and who was speaking with me in that topic); I said “some malware is hidden in picture files”. Someone answered “Impossible”. Well, I’m (un)happy to confirm my words. There’s software that can encrypt files inside an image file. I have it on one of my millions of CD-ROMs (from a common magazine) and I will try to search for it. Antiviruses don’t normally scan jpg, gif, bmp files. This is the reason why I set Avast to scan ALL files in real time.
Here is a page with a link to a zipped test jpg which is harmlessly infected, as well as a link to DiamondCS’ JpegScan, and other interesting information. ClamWin and BitDefender detect this test (as Exploit.Win32.MS04-028.Gen) for me, but Avast missed it. Oddly, JpegScan did not detect it either. I think Avast (and JpegScan) did detect another test jpg I tried some time ago, but I can’t find the link now.
I agree, I set Avast to scan all file extensions …
If you encrypt malware inside a JPG image it won’t do any harm at all.
You can’t just inject data into an image and execute it upon viewing. It’s impossible.
JPG Exploit is another thing because it’s using a hole in JPG format.
Nothing is impossible. Many scientists said “Never the machines will fly!”, “The Earth is the center of the Universe”, “Radio? Ah ah ah… impossible!”… If you read some normal book of Science or Aerodynamics you can see how NO ONE can say why the flies can fly! It is not a joke… read. When the first GSM phones appeared, all the companies said “It is not a dangerous standard like TACS; impossible to intercept or clone the numbers and steal the money of our customers”. Today we have malware dedicated to mobile phones on Symbian.
I still stand behind my statement. Sound file is sound file. Picture file is picture file etc…
Try to load an EXE file in Winamp and you’ll see what happens. Now rename that EXE file extension to MP3 and try to load it again. See?
The JPG/JPEG thingie is an exploit which worked only in specific programs. Some were even immune to it. So it was pretty much very dependent on unpatched/flawed software.
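As an added illustration of the extension-versus-content point argued above (not part of any post in this thread): a small triage check that compares what a file name claims with what its first bytes say. The function names, verdict strings and sample byte strings are all constructed for this example.

```python
import os

# Leading "magic" bytes for the formats discussed in the thread.
MAGIC = [
    (b"MZ", "exe"),             # DOS/Windows executable header
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"BM", "bmp"),
]
# Extensions Windows runs on double-click, whatever the base name suggests.
RUNNABLE_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Content type each media extension promises.
EXT_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".bmp": "bmp"}

BLOCK = "block: runnable extension"
EXE_INSIDE = "flag: executable content under non-runnable extension"
MISMATCH = "flag: content does not match extension"
OK = "ok"

def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def assess(filename: str, head: bytes) -> str:
    ext = os.path.splitext(filename.lower())[1]   # last extension only
    kind = sniff(head)
    if ext in RUNNABLE_EXT:
        return BLOCK            # the "picture.pif" case: the name is bait
    if kind == "exe":
        return EXE_INSIDE       # EXE renamed to .mp3/.jpg: will not run, but is not media
    expected = EXT_KIND.get(ext)
    if expected and kind != "unknown" and kind != expected:
        return MISMATCH
    return OK

# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("picture.pif", b"MZ\x90\x00\x03\x00"),
    ("picture.jpg.pif", b"MZ\x90\x00\x03\x00"),
    ("song.mp3", b"MZ\x90\x00\x03\x00"),
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("logo.gif", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]

def triage(samples=SAMPLES):
    return [(name, assess(name, head)) for name, head in samples]
```

A file that comes back "ok" here is only well-labelled: a structurally plausible JPEG can still target a flawed decoder (the MS04-028 case mentioned above) or carry hidden data, which is why scanning content regardless of extension still matters.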
There are applications for good and for bad purposes. With a DOS program JPHIDE.EXE it is possible to hide a data file in a jpeg file, and JPSEEK.EXE to unhide it again. Program jphs 05.zip. For the BMP graphic format the program is named CONTRABAND. See: http://jthz.com/puter/ Great for steganographic purposes. Was that on your CD Kamulko?
Some fear these new IM worms can get a more damaging payload in the future. Some like Francis DeSouza ( hear a brass band now-ha ha ha), CEO of IMlogic explains that this is just a matter of time, functionality of the IM client is greater than an e-mail client, and the real-time functionality makes that threats can propagate much faster herewith. Same thing they fear when the RSS malware is going to be developed. I think these threats are all because we have hopelessly outdated protocols not mentioned to work on the internet as we have it today. There we had people on ARPA who knew what they did, and now the virus-boys are so to speak out on every corner of the world wide web.
There comes a time when paranoia rules your life.
I prefer to enjoy my computer. Protect what I can with as much as I can but,
if I allow everything to bother me, I might as well turn off the INTERNET and
enjoy what I have but not look for or try to find anything new for fear that someone
might have come up with a new way to infect my system.
Life is too short and for some of us, it’s getting shorter every day.
Enjoy what you’ve got and stop living in fear.
If your system really does get infected, Format and start again.
It’s something to do and a task much more enjoyable than an hour at the psychiatrist. ;D
Hei, Bob… LOL… I’ve not this paranoia all the time and I use to download in peace-of-mind images and other (but Avast setting is “scan ALL the files!”). I’m not a child (remember my photo? no more hairs cover my head 8) ) and I have seen many incredible changes along my 45 years. The Science is running quickly. Today in Italy the Police caught 20 teenagers: they intrude in some of the best protected servers of world companies. The toys of our early years were plastic soldiers and ridiculous metallic robots eheheh…
Kamulko!
Please don’t misunderstand. That was a general statement. It wasn’t directed at you or anyone else.
You are in the same age group as some of my children so I still have a few years on you… ;D
Which only means that I probably have less hair than you. ;D