When College of Arts and Sciences freshman Kris Arcand clicked on a link and downloaded software for an Osama bin Laden computer game, he didn’t realize he had just allowed his AOL Instant Messenger buddy list to be hijacked.
“All these people on my buddy list started IMing me almost instantly, saying ‘no’ and ‘not now,’ and I couldn’t understand what was going on really,” Arcand said. “Until one of the smart ones came back with ‘Kris, hon, you’ve got a virus.’”
Arcand received the link from a friend’s roommate via Instant Messenger and said he trusted it because he knew the source. He downloaded the software necessary to play the game, but then it began sending the link to people on his buddy list.
“The link was something like, ‘Ahahaha, look an Osama game – click here!’” he said. “It would replicate itself, and anyone who downloaded the software for the game would contract it.”
Arcand had been hit by a fairly new technological threat – malicious programs that integrate themselves in Instant Messenger like parasites, hijacking a user’s profile or buddy list, installing unwanted software and sometimes wreaking havoc on a user’s machine.
Some seize buddy lists to further spread the software. Others take over profiles, turning a space many students use to showcase favorite song lyrics, links and quotes into a trap to lure their friends into downloading unwanted software.
“SOCIAL ENGINEERING”
Programs like the one that took control of Arcand’s buddy list do not usually latch on to a computer without warning. Typically, the programs require some sort of invitation from the computer’s user – often procured through trickery, said computer science professor Leonid Reyzin.
“In general, the idea is to get the user to install the hostile program on the user’s machine,” Reyzin said. “Essentially you are social engineering.”
Writers of hostile programs may piggyback them with other programs or trick users into thinking they want the software. Once a user gives the software the green light, the programs are free to wreak havoc, Reyzin said.
While some programs can be removed using anti-virus or ad removal software, others can be difficult to uninstall, Reyzin said, as programmers can add scripts that check to make sure the program is still installed when computers start up.
“To really disable the thing, you’ll have to go into the system files to make sure that nothing starts to do that check,” he said.
Users trying to uninstall unwanted programs must also look out for files that may be integrated with other programs, Reyzin said.
“A single program is not a single file anymore,” he said. “For the casual user, it’s usually hard to tell the difference between files belonging to different programs.”
WIDESPREAD VICTIMIZATION
Many Boston University students have fallen victim to these programs, said Jim Stone, the Office of Information Technology’s director of consulting services.
He said students are particularly susceptible because they spend lots of time online and don’t always pay attention to what they click on or run updated anti-virus software.
“Your best defense is anti-virus software and being a little more careful,” he said.
Although computer viruses and malicious software are nothing new, attacks involving Instant Messenger are a fairly recent and particularly nasty innovation, he said.
Because the messages seem like legitimate links from friends, users can get a false sense of security.
“I think the people [who write the scripts] are having to get more clever because all their old methods are being detected and stopped,” he said. “The Instant Messenger one – I just think it’s a very mean way to take advantage of people.”
CAS junior Katherine Shinopoulos’s computer contracted such a virus after she clicked on a link in a friend’s profile. The program erased her old profile and showered her computer with pop-up ads.
“It said it had already installed, and that if I clicked on this link and waited 30 seconds it would be deleted,” she said. “I think that was how it actually got installed, and they were just lying.”
Though she was able to get rid of the software with the help of a friend who works at the Personal Computing Support Center, Shinopoulos said her roommate, who had the same problem, has been unable to get rid of the pop-up ads on her computer.
Shinopoulos said she is now more cautious about clicking on links.
“I wait to see what the web address is before I click,” she said.
For Arcand, who was able to delete the program that infected his computer, the problem was not corrupted files or millions of pop-ups, but social friction resulting from IMs going out to random people on his buddy list.
“Essentially there were people I hadn’t talked to, people who didn’t know who I was, people I didn’t want to talk to that were receiving this link from me, causing many more social problems than I frankly cared to deal with,” he said.
FIGHTING BACK
While some of these programs may only present annoyances for students and some can be easily quarantined, computers can suffer irreparable damage, Stone said.
“In the worst cases, you have to reformat your hard drive, and that can be a very high price to pay,” he said.
That involves erasing all programs, files and settings, forcing students to start from scratch.
Bryson Gordon, a senior manager in the McAfee Product Division, which manufactures anti-virus software, said the company’s software is effective at keeping Instant Messenger-spread viruses at bay.
“We can intercept the messenger screen and get rid of the virus on that screen,” he said.
Gordon said that because the virus goes beyond Instant Messenger, the company’s software will detect this activity and stop the virus.
Stone recommended students update their anti-virus software, visit reputable websites and be wary of clicking on links – even those from friends.
“You have to question things a little bit more,” he said. “Don’t click on anything you see.”
Reyzin offered similar advice.
“It’s kind of like safe sex,” he said. “Don’t install things if you’re not sure you need them. Protect yourself by not dealing with things you’re not sure about.”
The latest version of AOL Instant Messenger also carries a warning that links may contain viruses or trojan horses – programs like the bin Laden game that seem harmless but have hidden malicious functions.
Viruses cannot be transferred through an IM, according to AIM’s website, but messages may carry files or links with viruses or trojans.
“Even if you know who is sending a file or a link, you should use caution in opening it,” reads a security statement on AIM’s website.
Stone said he sees the battle against Instant Messenger attacks as an ongoing fight, and stressed the need for student vigilance.
“It’s my impression that every student at BU runs Instant Messenger,” he said. “That’s a lot of people who have to be careful.”
Staff writer Aaron Kellogg contributed to this report.