A New IM Threat
Instant messengers beware! There’s a new worm in town…a couple of them, actually. Symantec has issued warnings on its Web site about two worms named “Hotmatom” and “Maniccum,” respectively, and termed them both “Level 2″ threats (on a one-to-five scale).
Hotmatom, a worm transmitted en Espanol via Microsoft’s MSN instant messaging network, appears to arrive from a trusted source that warns about a dangerous virus. Users will then click on a “free patch” link that actually deletes root files and copies itself where those files once were.
Maniccum, a somewhat similar worm that spreads through MSN as well as America Online’s AIM, opens a backdoor on a PC where it’s installed and tries to disable various security programs that include anti-virus and firewall software. The backdoor can accept commands from the attacker, be used to access files, update the worm, upload more malicious code, send additional AIM and MSN messages, and launch denial-of-service (DoS) attacks.
Of course, the wired world won’t come crashing down because of these worms, but they illustrate nicely the nature of the threats we’re facing today. Social engineering is the watchword, as the attackers try to dupe people into downloading the same old kinds of stuff through far more sophisticated ruses. The best way to prevent these kinds of breaches is not through high-tech security solutions, but by informing and educating end-users so that they don’t try to download this stuff in the first place. Kudos to Symantec and other organizations that are trying to get the word out.