?

Log in

Previous Entry | Next Entry

First, if you're on my Yahoo! Instant Messenger (YIM) contact list and got a URL as an IM (online or offline): don't click, and sorry about that.

Second, here's what happened. Around 01:30 I logged in as hsuwh and got an offline IM from a former student in my computer graphics class who's an old friend of zengeneral's. The URL itself looked unsavory, so I figured that it was from some remailer that had IMs as a side effect, but instead of just IMing him back or looking up the URL in the online CERT advisories, what did I do? I thought, "meh, I have Norton Antivirus" and clicked on it.

The next morning, kaladhwen IMs me back with the URL and asks me what's up. I immediately reply "oh, no, that must be an IM virus" and copy that to fob-L @ yahoogroups.com and 6 other friends.

What's wrong with this picture:

  • 1. Never click on strange URLs. The cardinal rule in this case. You'd think I'd know that, but apparently not. I wish I could say that I just hadn't looked, but I was actually thinking it'd be cool if I IMed the student back and explained how he probably had a virus amok... ironic, ne? Hoist by my own petard.

  • 2. Remessenger viruses can propagate via IM if your IM account is compromised, or if your firewall or policy permits software to access your IM client. I'm not sure how it happened. Does anyone know how these things work, or can anyone tell if I give you the URL (and it hasn't been taken down)? This was the first IM or web-based Trojan horse virus I've ever had to my knowledge, and certainly the first on that sent out IMs. It is a link to a Yahoo! GeoCities redirector page that seems to bring you to a Yahoo! Photos login prompt. I logged in and later found that the portal links go to a Chinese Yahoo site. (I've since changed my PW and security code.)

  • 3. Norton Antivirus (NAV) is not firewall software. Trust not to anti-viruses or spyware detectors, for they detect specific signatures, and cannot save the user from his or her own stupidity. Case in point.

  • 4. Viral URLs should be mangled in public service advisories. gondhir, figgylicious, and sui_degeneris pointed this out, and on reflection, it's probably a good idea to munge URLs just in case they get accidentally clicked on (or people don't read the context). Originally gondhir just said that people might click on any embedded URL if it seems to be from a friend, which I disagreed with, on the grounds that my message header was "IM virus - thanks for the alert". Thinking about it, though, the trusted source assumption should mean that any resource in the body of a message from a trusted sender may be accessed.


Anyhow, my bad, and sorry again if you received it.

--
Banazir

Comments

( 8 comments — Leave a comment )
zengeneral
Nov. 7th, 2005 12:38 am (UTC)
was it
P.... ????
banazir
Nov. 7th, 2005 12:51 am (UTC)
Re: was it
Yarr.

--
Banazir
(Deleted comment)
banazir
Nov. 7th, 2005 01:22 am (UTC)
Re: What were you thinking
Reread the entry. I clearly said that I was looking at the link so I could respond to the alum from whose account it was sent, and that this was a mistake.

It's not necessary to comment anonymously; anyone is free to say whatever they like in this journal if they identify themselves. I reserve the right to report spams and trolls, or identify them as such, but I've never banned any posters save serial adders and spammers, nor deleted any comments from a user.

-WHH
cornner
Nov. 8th, 2005 05:25 pm (UTC)
Why?
So you clicked on Porn, and expect not to get a virus, how dumb.
banazir
Nov. 8th, 2005 06:58 pm (UTC)
You don't seem to read too well
Why?
So you clicked on Porn, and expect not to get a virus, how dumb.

Have a clue, troll. I've said I was looking to see what would make suspicious URLs be coming from my former student's IM client, and thought that my antivirus software would offer some protection. Obviously I was mistaken, as this thing apparently spreads via Yahoo and YIM, probably not via one's PC at all.

You can believe or disbelieve that I wasn't "clicking on porn", but this conversation is rather useless if you don't, isn't it? For one thing, why would I be posting about it in that case?

FWIW, I wasn't the only person in my contact list or our department to fall for this, or we wouldn't have had it making the rounds on both.

I see that you made a new LJ account. If its purpose is just to troll LiveJournals such as mine, I can tell you that you're wasting your time, but I'm as good as my word. Stupid is as stupid does, though, and your boorishness is here for everyone to see.

--
Banazir
kaladhwen
Nov. 9th, 2005 07:45 am (UTC)
Re: Why?
Huh, I thought that if someone clicked on porn, they would expect to get porn. But I don't click on those kinds of URLs, so I wouldn't really know.

You seem to know a lot about clicking on porn links, though. Care to enlighten us further on why that is?

On second thought -- don't. In fact, don't "enlighten" us about anything. Ever.
(Deleted comment)
(Anonymous)
Jul. 6th, 2007 05:16 am (UTC)
Good luck
Hello

I am Lucy, I have found your website while searching for some info at Google. Your site has helped me in a big way.


G'night




( 8 comments — Leave a comment )

Latest Month

December 2008
S M T W T F S
 123456
78910111213
14151617181920
21222324252627
28293031   

KSU Genetic and Evolutionary Computation (GEC) Lab

Teunciness

Breakfast

Science, Technology, Engineering, Math (STEM) Communities

Fresh Pages

Tags

Page Summary

Powered by LiveJournal.com
Designed by Naoto Kishi