Adware spam targets instant messaging users
An adware worm called 'Osama Found' has been circulating since Wednesday
Computerworld - An adware worm called "Osama Found" has been widely circulating since Wednesday among users of America Online Inc.'s AOL Instant Messenger, but it's apparently causing more aggravation than actual damage.
The worm, which is neither a virus nor a Trojan horse, according to a statement from Santa Clara, Calif.-based security vendor Network Associates Inc., pops up a URL link in an incoming message during an AIM session and appears to come from someone on the user's buddy list. Users who click on the URL link are sent to a Web page where they are asked to download a program for an IM game application.
The problem is that once a user installs the program, it acts like a worm and sends the link to everyone on the user's buddy list, allowing it to spread quickly. It spreads even faster than e-mail worms because IM is real time and people can react much faster, especially when it appears that the link comes from someone they already know, said Dmitry Shapiro, founder and chief technology officer of Akonix Systems Inc., an IM security management vendor in San Diego.
"In corporate America, that's a very bad thing if you've got customers on your buddy list and you start spamming them with this game," he said. "It looks bad for your company.
"If it comes from [their] boss, they're going to click it," he said, even if the boss didn't actually send it.
Shapiro said the adware application is one of the first he has seen that's using IM to distribute itself instead of e-mail. Last month, another worm, Jitux.a, spread itself through IM clients, but it wasn't adware, he said.
"Think of it as spam gone crazy," Shapiro said. "This is worm spam."
This particular worm isn't a security risk now in terms of malicious payloads, he said, but variations that cause damage are possible in the future.
The adware worm for the IM game apparently comes from a company called PSD Tools LLC in Cambridge, Mass., through its BuddyLinks division, according to Shapiro and Network Associates.
Officials at PSD Tools didn't respond to an e-mail and couldn't be reached by telephone today. The PSD Tools Web site states that the company was founded last year and offers "social networking software" that allows peer-to-peer communications through various IM platforms. The company's BuddyLinks site describes its product as an interactive game that is sent out and promoted "among the user's network of buddies."
"Please understand, our Flash games are in no way a virus," the company says. "We simply combine peer-to-peer, social networking and instant messaging into one spectacular technology."
The Buddylinks.net Web site informs visitors that they can e-mail questions to the company, but it warns them not to send attachments. "Attachments are deleted by our mail server, please send links," the site states. A link is provided to get help to uninstall the game, if desired.
Andrew Weinstein, a spokesman for AOL, today called the game program "clearly one of the slimiest pieces of adware we've ever seen," adding that "we're doing everything we can to stop it."
So far, the worm appears to work only on AOL's IM client, but the code appears to have the capability of being modified to work on others, Weinstein said. "We're strongly opposed to this piece of software and ... we're actively investigating both legal and technical steps to prevent its distribution."
AOL will include spyware-detection features in its next version of AIM, due out in several weeks, to fight such programs, he said. The new AIM version will scan for spyware on a regular basis and remove them, he said.
Francis deSouza, CEO of IMlogic Inc. in Waltham, Mass., which provides security for corporate IM users, said the Osama Found worm is the start of what appears to be a new problem in corporate communications.
"I think the whole area of viruses and spam over IM has really not been addressed," deSouza said. Because of the pop-up nature of IM, this is something that can become seriously disruptive for users and companies, he said. About 5% to 17% of IM messaging today is spam, he said, according to IMlogic figures, and that can be a problem for businesses.
"This is something you need to address as a company," deSouza said.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts