dcsimg
RealTime IT News

Gpic Worm Hits AIM

UPDATED: In an advisory posted by enterprise IM vendor IMlogic Wednesday, officials warned of a new worm spread by old means: getting users to click on a URL that purports to come from a friend on their buddy list.

The latest threat to AOL's instant messaging (IM) platform, AIM, again targets users' penchants to blindly click on links supplied by friends. The Gpic.aol worm comes with a message saying, "damn this looks just like me lol" and a link to what is displayed as pictures.google.com.

In reality, the displayed URL obscures the real Web site at newpeople.no-ip.info, which then downloads onto the user's system, collects the names in the buddy list and sends the same message to all of them.

Gpic.aol is considered a medium-level risk threat; it doesn't actually deliver a payload that allows the malware writer to gain remote access to the computer or corrupt or erase data on the hard drive.

For the time being, IM worms are merely a nuisance, propagating from one AIM buddy list to another. But Francis deSouza, IMlogic CEO, said he fears it's only a matter of time before virus writers start delivering damaging code as well.

IM, replete with functionality, such as file transferring, video and audio, is at risk from malware writers gaining access to those features, he said.

"Your e-mail client can only do so many things," he said. "Your IM client is actually much more functional and much more powerful, and because much of the functionality is real-time functionality, threats can propagate over IM much faster than over e-mails."

According to an April report by the company, the first three months of 2005 found a 271 percent increase in the amount of reported IM and peer-to-peer threats from the previous year. Of the reported incidents, the report found 82 percent dealt with IM virus or worm propagation.

DeSouza said AIM, up until a couple of weeks ago, has been relatively spared from the worms encountered in the IM world compared to those of Yahoo Messenger and Microsoft's MSN.

In the past two weeks, AIM has become a fertile ground for worm writers and has contributed to seven new AIM-targeted worms, according to the company's list of IM and P2P threats.

In all cases, the worms display a skillful degree of social engineering, getting people to click on links they would never do visiting a strange Web site or in an e-mail.

A recent AIM worm capitalized on the popularity of Star Wars III and reports of a leaked copy of the movie on P2P and BitTorrent sites, telling victims to click on the link to download the movie.

In related news, e-mail security firm MessageLabs has tracked more than 850,000 copies of a new Bagle downloader that started making its way through e-mail inboxes Tuesday afternoon, according to officials.

Like the majority of viruses, the user needs to be tricked into installing the file onto the computer. When that's accomplished, the virus harvests e-mail addresses on the hard drive and forwards a copy of itself to the the e-mail addresses.

According to a report by Postini Wednesday, the Bagle virus was the ninth-largest for the month of May, but figures show Bagle is coming back strong.

Postini's real-time virus-tracking site Wednesday reports the Bagle virus was the No. 1 virus threat, with nearly 1.5 million reported instances.