Never ones to miss out on the opportunity to hijack some popular culture to spread their evil wares, virus makers have been attacking IM services with a worm and phishing scam around the new Star Wars movie, Revenge of the Sith.
AOL Instant Messenger and Yahoo! Messenger users have reportedly been targeted by the virus. In the case of the AOL worm, the message text adds: "hehe, i found this funny movie." The word "this" is a hyperlink. The Yahoo! message references "StarGames" in the link.
The AOL message downloads malicious code which experts warn could grant someone control over your computer - the Yahoo! one, meanwhile, is a phishing scam redirecting to a page which looks like Yahoo! and encourages visitors to enter personal details.
McAfee warned there had only been one report of the AOL worm in the wild so far, but it could spread over the coming days.
View: AOL Instant Messenger | Yahoo! Messenger
View: McAfee
View: CNet coverage
It is important to note that this issue is not a security vulnerability or a hack that puts customers at any risk, nor is it a vulnerability in the ActiveX control WGA uses to determine if a customer is running genuine Windows. This is simply an issue of users taking a validation code from a genuine copy of Windows and using it on a non-genuine copy of Windows. The threat is similar to that posed by the illegal distribution of software burned to CDs.
Of course a counterfeiter could use this method to steal software for themselves, but because the code expires quickly, it would be useless to share the code with any other users.
Q: Who would benefit from this practice?
A: This method of counterfeiting is only an option for relatively sophisticated users who are running both a genuine version of Windows (from which they would take the code) and a non-genuine version (to which they would apply it). This method only applies to the Download Center, where customers would need to know exactly what to look for, and not Windows Update or the Automatic Updates feature that most customers use.
Q: How does the code expire?
A: Microsoft “hashes” the PID returned from the validation tool (genuinecheck.exe) with a Microsoft.com timeserver time code that is checked by the page logic on the Download Center, which means the code is only valid for a short period of time.
Q: Does Microsoft have plans to change or improve WGA validation to address this vulnerability?
A: With WGA, Microsoft seeks to balance the need to make downloads easily available for customers, while trying to safeguard our IP from counterfeiters. In striking this balance, Microsoft will defer to the needs of its customers to validate their computers as easily as possible so that they can receive the updates they need to stay secure. Furthermore, because the code generated by the validation tool expires so quickly, we don’t perceive this as an issue significant enough to outweigh our customers’ needs for hassle-free downloads.
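The answer to "How does the code expire?" describes a validation code that binds the product ID to a server-side time code so that it is only accepted for a short window. The Python below is an added illustration of that design and is not Microsoft's code; the page does not say how the hash is keyed or how long the window is, so the HMAC-SHA256 construction, the `SERVER_SECRET`, the 300-second `WINDOW_SECONDS`, and the PID strings are all assumptions constructed for the example. It shows the property the article relies on: a code copied from a genuine machine verifies while fresh, but the same code replayed after the window, or presented with a different PID, is rejected.

```python
import hashlib
import hmac
import time

# Constructed server-side key; the page never names how the hash is keyed.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
# Constructed validity window in seconds; the page only says "a short period".
WINDOW_SECONDS = 300


def _time_bucket(now: float) -> int:
    """Coarse time code derived from the server clock (never from the client)."""
    return int(now) // WINDOW_SECONDS


def _digest(pid: str, bucket: int, secret: bytes) -> str:
    """Keyed hash over the product ID and the time bucket it was issued in."""
    msg = f"{pid}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def issue_code(pid: str, now: float, secret: bytes = SERVER_SECRET) -> str:
    """Produce a short-lived validation code for a PID at server time `now`."""
    bucket = _time_bucket(now)
    return f"{bucket}:{_digest(pid, bucket, secret)}"


def verify_code(pid: str, code: str, now: float, secret: bytes = SERVER_SECRET) -> bool:
    """Accept a code only if it was issued for this PID in the current or
    immediately previous bucket; anything older counts as expired."""
    try:
        bucket_str, digest = code.split(":", 1)
        bucket = int(bucket_str)
    except ValueError:
        return False  # malformed code
    current = _time_bucket(now)
    if bucket not in (current, current - 1):
        return False  # outside the validity window
    expected = _digest(pid, bucket, secret)
    # Constant-time comparison so timing does not leak the expected digest.
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Constructed walk-through of the scenario in the article.
    genuine_pid = "PID-GENUINE-001"
    t0 = time.time()
    code = issue_code(genuine_pid, t0)
    print("fresh code accepted:", verify_code(genuine_pid, code, t0))
    print("replayed after two windows:",
          verify_code(genuine_pid, code, t0 + 2 * WINDOW_SECONDS + 1))
```

The check that matters is the one in `verify_code`: the server recomputes the keyed hash from its own clock, so a code someone copied off a genuine machine stops working once the bucket it names has rolled out of the accepted range, which is why the article treats sharing the code as pointless after the fact.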
