Skip the navigation

Adware spam targets instant messaging users

An adware worm called 'Osama Found' has been circulating since Wednesday

By Todd R. Weiss
February 13, 2004 12:00 PM ET

Computerworld - An adware worm called "Osama Found" has been widely circulating since Wednesday among users of America Online Inc.'s AOL Instant Messenger, but it's apparently causing more aggravation than actual damage.
The worm, which is neither a virus nor a Trojan horse, according to a statement from Santa Clara, Calif.-based security vendor Network Associates Inc., pops up a URL link in an incoming message during an AIM session and appears to come from someone on the user's buddy list. Users who click on the URL link are sent to a Web page where they are asked to download a program for an IM game application.
The problem is that once a user installs the program, it acts like a worm and sends the link to everyone on the user's buddy list, allowing it to spread quickly. It spreads even faster than e-mail worms because IM is real time and people can react much faster, especially when it appears that the link comes from someone they already know, said Dmitry Shapiro, founder and chief technology officer of Akonix Systems Inc., an IM security management vendor in San Diego.
"In corporate America, that's a very bad thing if you've got customers on your buddy list and you start spamming them with this game," he said. "It looks bad for your company.
"If it comes from [their] boss, they're going to click it," he said, even if the boss didn't actually send it.
Shapiro said the adware application is one of the first he has seen that's using IM to distribute itself instead of e-mail. Last month, another worm, Jitux.a, spread itself through IM clients, but it wasn't adware, he said.
"Think of it as spam gone crazy," Shapiro said. "This is worm spam."
This particular worm isn't a security risk now in terms of malicious payloads, he said, but variations that cause damage are possible in the future.
The adware worm for the IM game apparently comes from a company called PSD Tools LLC in Cambridge, Mass., through its BuddyLinks division, according to Shapiro and Network Associates.
Officials at PSD Tools didn't respond to an e-mail and couldn't be reached by telephone today. The PSD Tools Web site states that the company was founded last year and offers "social networking software" that allows peer-to-peer communications through various IM platforms. The company's BuddyLinks site describes its product as an interactive game that is sent out and promoted "among the user's network of buddies."
"Please understand, our Flash games are in no way a virus," the company says. "We simply combine peer-to-peer, social networking and instant messaging into one spectacular technology."
The Buddylinks.net Web site informs visitors that they can e-mail questions to the company, but it warns them not to send attachments. "Attachments are deleted by our mail server, please send links," the site states. A link is provided to get help to uninstall the game, if desired.
Andrew Weinstein, a spokesman for AOL, today called the game program "clearly one of the slimiest pieces of adware we've ever seen," adding that "we're doing everything we can to stop it."
So far, the worm appears to work only on AOL's IM client, but the code appears to have the capability of being modified to work on others, Weinstein said. "We're strongly opposed to this piece of software and ... we're actively investigating both legal and technical steps to prevent its distribution."
AOL will include spyware-detection features in its next version of AIM, due out in several weeks, to fight such programs, he said. The new AIM version will scan for spyware on a regular basis and remove them, he said.
Francis deSouza, CEO of IMlogic Inc. in Waltham, Mass., which provides security for corporate IM users, said the Osama Found worm is the start of what appears to be a new problem in corporate communications.
"I think the whole area of viruses and spam over IM has really not been addressed," deSouza said. Because of the pop-up nature of IM, this is something that can become seriously disruptive for users and companies, he said. About 5% to 17% of IM messaging today is spam, he said, according to IMlogic figures, and that can be a problem for businesses.
"This is something you need to address as a company," deSouza said.




Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!