MSN makes an attempt to stop IM-worms

08 Apr 2005

minute read

Authors

Roel Schouwenberg

MSN released version 7 of their Messenger yesterday.

In addition to some other new features, the new version also incorporates functions to prevent the spreading of malware.

The developers have taken some serious steps to prevent the sharing or spreading of .pif files. Any incoming or outgoing message with a “.pif” in it will be blocked completely.

Too bad that MSNM doesn’t tell you that this is happening. Messages won’t get delivered to the recipient, but neither the recipient nor sender will be notified that the message has been blocked. Not very user-friendly, IMHO.

In addition to filtering messages, MSN 7 also filters incoming file transfers. This filtration applies to files such as executables (with extensions such as .exe, .com, .scr etc) and other potentially dangerous types of file such as .vbs and .reg.

We’ve already seen IM-worms which spread in the form of a link to .scr files, so the measures that MSN developers have taken won’t be 100% effective. But I think the complete blocking of .pif files is the most important innovation, as it’s IM-worms spreading as .pif files which have been the most ‘successful’ to date.

Although some users may not like this kind of filtering, I think in the long run we’re better off. IM-worms are becoming more and more common. Sooner or later users will have to learn to live with security measures designed to combat their spread.

Authors

Roel Schouwenberg

MSN makes an attempt to stop IM-worms

Latest Posts

Latest Webinars

Reports

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

MSN makes an attempt to stop IM-worms

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

ZeroLocker won’t come to your rescue

A Post-PC BlackHat?

Adobe Updates April 2014

Trust. Trust. Trust

Adobe’s First Patch Tuesday of 2014

In search of the Triangulation: triangle_check utility

How to train your Ghidra

OpenTIP, command line edition

Extracting type information from Go binaries

GReAT thoughts: Awesome IDA Pro plugins

Latest Posts

DinodasRAT Linux implant targeting entities worldwide

Android malware, Android malware and more Android malware

Threat landscape for industrial automation systems. H2 2023

A patched Windows attack surface is still exploitable

Latest Webinars

The Future of AI in cybersecurity: what to expect in 2024

Responding to a data breach: a step-by-step guide

2024 Advanced persistent threat predictions

Overview of modern car compromise techniques and methods of protection

Reports

HrServ – Previously unknown web shell used in APT attack

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

A cascade of compromise: unveiling Lazarus’ new campaign

How to catch a wild triangle

Subscribe to our weekly e-mails