New Virus Marks New Strategy

Dec. 14, 2005 — -- There's a new worm making its way around America Online that has opened a new front in the war to keep hackers from invading, disturbing and destroying personal computers.

It's an Internet worm attacking users of AOL's instant messaging software, sending unsuspecting users a message encouraging them to click on a link.

"What we continually say to users is 'don't ever click on a link you receive in an IM without asking the sender what it is and why they're sending it to you,'" said Krista Thomas, a spokeswoman for AOL.

But in this case, even if users followed protocol and asked the right questions, the worm would actually answer back, marking a new strategy and evidence that so-called black hat or malicious hackers are creative and innovative as well as possibly dangerous.

According to Art Gilliland, vice president of IMLogic, who discovered the threat, the scary thing about this worm isn't just that it launches its attack via instant messenger software, but that it acts in a surreptitious way to fool the user into doing something they know they're not supposed to do.

"One of the things people were doing to protect themselves while using IM [instant messenger] was, if they were sent a link, to ask questions," he said. "The virus writers are getting more and more sophisticated, they're learning how we're stopping them so they're coming up with new ways to get in."

Knowing that instant messenger users would likely question the validity of a link sent to them from someone they don't know, the hacker who wrote the virus, included a way to trick them into believing they had been diligent.

Though the worm -- dubbed IM.myspace04.AIM -- has been dealt with at this point, the infection would simply send out messages to anyone in a victim's buddy list, attempting to infect them and then be sent on to others.

Gilliland said IMLogic and other experts in the Internet security field saw virus writers "testing the waters" last year -- sending out messages containing links simply to see how people would react to them.