How To Get Infected

What does it take to create a chain of infection? Perhaps just one credible link.

Last night I came back to my computer to see an IM message from Josh Rowe, an Australian contact who is active in the anti-spam world Down Under. You couldn’t find a more diligent, experienced and responsible person, so when I saw his message — http://home.earthlink.net/~gallery10/omg.pif lol! see it! u’ll like it — I didn’t think too hard before I clicked on it.

Of course, you know the rest of the story — it was a copy of the WORM_KELVIR.B which propagates via MSN messenger. According to Trend Micro, it attempts to send that message to all online MSN messenger contacts of an affected user:

When the user clicks the given URL, this worm downloads a copy of itself, named OMG.PIF, from the given URL. When this downloaded copy is executed, it downloads another malware file from the Internet, which Trend Micro detects as WORM_SDBOT.AUI.

Luckily the file had been removed by the time I clicked on the link. What intrigued me — and perhaps lulled me — was that I figured that by using Trillian I was immune to these kinds of infections.

The other factor: It came from Josh, chairman of the Coalition Against Unsolicited Bulk Mail in Australia and a pillar of Australian tech society (and a very nice guy.) So why shouldn’t I trust the link? Indeed Josh, who was very apologetic, said that he had become infected because he had received the link from someone else he regarded as having impeccable tech credentials.

So, perhaps this is the secret of good viral infection: Get one credible figure infected, and then you’re on the way to getting everyone else infected. A sort of LinkedIn for viruses.

08. March 2005 by jeremy
Categories: Malware, Scams

One Comment

  1. arrrrrrggggghhhh…… being the stupid fool that I am, I clicked on the worm link. now I have no control over my computer and this is the worm that is writing this…. 😐