New Virus Marks New Strategy
Dec. 14, 2005 -- There's a new worm making its way around America Online that has opened a new front in the war to keep hackers from invading, disturbing and destroying personal computers.
It's an Internet worm attacking users of AOL's instant messaging software, sending unsuspecting users a message encouraging them to click on a link.
"What we continually say to users is 'don't ever click on a link you receive in an IM without asking the sender what it is and why they're sending it to you,'" said Krista Thomas, a spokeswoman for AOL.
But in this case, even if users followed protocol and asked the right questions, the worm would actually answer back, marking a new strategy and evidence that so-called black hat or malicious hackers are creative and innovative as well as possibly dangerous.
Attack of the Chatty Worm
According to Art Gilliland, vice president of IMLogic, who discovered the threat, the scary thing about this worm isn't just that it launches its attack via instant messenger software, but that it acts in a surreptitious way to fool the user into doing something they know they're not supposed to do.
"One of the things people were doing to protect themselves while using IM [instant messenger] was, if they were sent a link, to ask questions," he said. "The virus writers are getting more and more sophisticated, they're learning how we're stopping them so they're coming up with new ways to get in."
Knowing that instant messenger users would likely question the validity of a link sent to them from someone they don't know, the hacker who wrote the virus included a way to trick them into believing they had been diligent.
Though the worm -- dubbed IM.myspace04.AIM -- has been dealt with at this point, the infection would simply send out messages to anyone in a victim's buddy list, attempting to infect them and then be sent on to others.
Gilliland said IMLogic and other experts in the Internet security field saw virus writers "testing the waters" last year -- sending out messages containing links simply to see how people would react to them.
"It was like a testing phase," he said, "but when they find something that works they put all of their energy into it."
The result of those efforts is typically malicious software that can result in anything from a sluggish computer to one that doesn't work at all.
'Spear Phishing'
Oliver Friedrichs, senior manager of security response at anti-virus giant Symantec, said ingenuity among hackers is nothing new, but the use of social engineering approaches is.
"One thing that's driven that is that the technology to protect consumers has become so advanced," he said. "Using social engineering to entice us to open and execute these malicious programs is one way around that -- human beings want to trust what people are sending them."
He said the days of numerous, widespread viral attacks may be behind us, as attackers are becoming more targeted and more insidious.
Even phishing attacks -- which use an e-mail that appears to be from a legitimate organization like a bank or online store to acquire one's personal information, and which have been widely reported -- are receiving an update to make them more difficult to discern from the real thing.
"They're seeding these e-mails with more and more personal information about you so it really looks like a legitimate e-mail," he said. "So maybe they have your name, or a telephone number and you think it's real."
Friedrichs has a nickname for these more targeted, precise and personalized phishing attacks: "spear phishing."
The Great Hacker War
In years past, Friedrichs said, hackers were motivated by the "can-it-be-done" mentality, making them more like vandals than criminals.
Many of the worms and viruses written in the 1980s and '90s were aimed at eradicating other hackers' work, mostly for pride.
Those kinds of attacks have led in some cases to what Friedrichs calls all-out "hacker wars," in which groups of hackers would attack each other and innocent computers were often caught in the crossfire.
The most famous of these clashes was something known as the Great Hacker War. Two groups of hackers -- Masters of Deception and Legion of Doom -- fought to outdo one another by doing things like cracking into secure computers and rerouting telephone calls.
Now, Friedrichs said, it's all in cyberspace and a large percentage of it is about getting access to your personal information.
Call, Don't Click
Aside from making sure you have the latest updates for your operating system -- Windows, Apple OS, Linux -- maintaining your anti-virus software and regularly scanning for spyware, experts like Friedrichs said there is something else you can do to protect yourself.
"Awareness and education -- absolutely," he said. "I'm not necessarily saying you need to be paranoid, but be aware of what you receive, who it's from and if you have any doubts, don't open it."
He said if you get an e-mail from your bank that looks legitimate but you're a little nervous, don't open it -- call them.