embarrassed
First, if you're on my Yahoo! Instant Messenger (YIM) contact list and got a URL as an IM (online or offline): don't click, and sorry about that.

Second, here's what happened. Around 01:30 I logged in as hsuwh and got an offline IM from a former student in my computer graphics class who's an old friend of zengeneral's. The URL itself looked unsavory, so I figured that it was from some remailer that had IMs as a side effect, but instead of just IMing him back or looking up the URL in the online CERT advisories, what did I do? I thought, "meh, I have Norton Antivirus" and clicked on it.

The next morning, kaladhwen IMs me back with the URL and asks me what's up. I immediately reply "oh, no, that must be an IM virus" and copy that to fob-L @ yahoogroups.com and 6 other friends.

What's wrong with this picture:

  1. Never click on strange URLs. The cardinal rule in this case. You'd think I'd know that, but apparently not. I wish I could say that I just hadn't looked, but I was actually thinking it'd be cool if I IMed the student back and explained how he probably had a virus amok... ironic, ne? Hoist by my own petard.

  2. Remessenger viruses can propagate via IM if your IM account is compromised, or if your firewall or policy permits software to access your IM client. I'm not sure how it happened. Does anyone know how these things work, or can anyone tell if I give you the URL (and it hasn't been taken down)? This was the first IM or web-based Trojan horse virus I've ever had to my knowledge, and certainly the first one that sent out IMs. It is a link to a Yahoo! GeoCities redirector page that seems to bring you to a Yahoo! Photos login prompt. I logged in and later found that the portal links go to a Chinese Yahoo site. (I've since changed my PW and security code.)

  3. Norton Antivirus (NAV) is not firewall software. Trust not to anti-viruses or spyware detectors, for they detect specific signatures, and cannot save the user from his or her own stupidity. Case in point.

  4. Viral URLs should be mangled in public service advisories. gondhir, figgylicious, and sui_degeneris pointed this out, and on reflection, it's probably a good idea to munge URLs just in case they get accidentally clicked on (or people don't read the context). Originally gondhir just said that people might click on any embedded URL if it seems to be from a friend, which I disagreed with, on the grounds that my message header was "IM virus - thanks for the alert". Thinking about it, though, the trusted source assumption should mean that any resource in the body of a message from a trusted sender may be accessed.


Anyhow, my bad, and sorry again if you received it.

--
Banazir
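
Point 4 above (munging URLs before forwarding a warning), as an added example that is not part of the original post: a small Python defanger that rewrites every URL in an advisory so mail and IM clients no longer auto-link it. The function names and the sample message are constructed for illustration, and the hosts use the reserved `.example` TLD.

```python
import re

# http/https/ftp URLs and bare "www." hosts; stops at whitespace and common closers.
URL_RE = re.compile(r"\b(?:(?:https?|ftp)://|www\.)[^\s<>\"')\]]+", re.IGNORECASE)
TRAILING = ".,;:!?"  # sentence punctuation that follows a URL but is not part of it


def defang_url(url: str) -> str:
    """Make one URL non-clickable: hxxp scheme, [://] separator, [.] and [@] in the host."""
    scheme, sep, rest = url.partition("://")
    if not sep:  # bare "www.host/..." form has no scheme
        scheme, rest = "", url
    end = re.match(r"[^/?#]*", rest).end()  # authority ends at first /, ? or #
    authority, tail = rest[:end], rest[end:]
    authority = authority.replace(".", "[.]").replace("@", "[@]")
    # http -> hxxp, https -> hxxps, ftp -> fxp (case preserved)
    prefix = scheme.replace("t", "x").replace("T", "X") + "[://]" if sep else ""
    return prefix + authority + tail


def defang_text(text: str) -> str:
    """Defang every URL in a message body, keeping the surrounding prose intact."""
    def repl(match: re.Match) -> str:
        url = match.group(0)
        core = url.rstrip(TRAILING)  # keep the sentence's own punctuation outside
        return defang_url(core) + url[len(core):]
    return URL_RE.sub(repl, text)


if __name__ == "__main__":
    # Constructed advisory text, not the message from the post.
    advisory = ("IM virus - thanks for the alert. Do not open "
                "http://geocities.example/redirect/photos.html, it asks for your login.")
    print(defang_text(advisory))
```

Running the output through `defang_text` a second time leaves it unchanged, so a warning that gets forwarded and re-munged stays readable.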
silence
Today was the first day of a special topics course on cybersecurity in our department. I heard about this course from one of the instructors, Anindya Banerjee, in the spring, and decided to sit in. Co-taught by four instructors:

  • Andresen (operating systems, wireless and distributed computing)

  • Banerjee (programming languages, language-based security, type theory)

  • Singh (distributed systems and networking)

  • Wallentine (high-performance computing and parallel algorithms)


this course features topics ranging from ethics, history, and social issues to network security to language-based security techniques.
nerd
I was looking up things about virus research following a discussion with John Mark Agosta about cybersecurity and uncertain reasoning, and came across this article.

Hsu, W. H. (1992). Generic Virus Detection. MacTech: The Journal of Macintosh Technology (formerly MacTutor: The Macintosh Programming Journal), 8(2).


--
Banazir
