AIM Virus Prevention and Removal 101

In recent months, AIM viruses and related hoaxes have been increasing in frequency and popularity.  The goal of this article is to undermine the common techniques used by hackers and to teach you how to recognize a hoax and protect yourself.


Major points in this article are:



  • What is an AIM virus

  • Identifying AIM viruses

  • Protecting yourself

  • Removing AIM viruses

  • How to help friends remove AIM viruses


What is an AIM virus
AIM viruses are viruses that are transmitted via AOL Instant Messenger and replicate relentlessly.  Once a machine is infected, the virus spams all users on that machine’s buddy list, sending them a link or a file to download.  Since many people have been caught off guard, these viruses have been a major success.



Identifying AIM viruses
In order to get a virus over AIM, you must either be redirected to a website or be sent a malicious file through file transfer.  AIM does not execute code, so simply typing viral code into the message window will not work.  The file must be executed directly on the user’s machine by another means.


There have been many different tricks used in sending viruses over AIM in recent months, but the most common one is using a spoof technique:


“Hey man, check this out!”


You will notice that check is hyperlinked in the above sentence.  When this link is clicked, it can take you anywhere.  Generally, people assume that John Doh would never send them something malicious, so they click on check without a second thought.  Suddenly, Internet Explorer opens and goes to a page where an ActiveX control is downloaded, which then installs the virus on your machine.  Without ever thinking, you just got yourself into a huge mess.


Another common method, a similar technique, is this:


“Hey man, look at this!  www.xanga.com”


Again, there is an apparent hyperlink to xanga.com; however, the link code actually goes to my website, derbydigital.com/spoof.php.  In a malicious case, this website would download an ActiveX control onto your machine, which in turn would give you the virus.


Although the above two cases are the most common, there are a few other techniques used to throw a monkey wrench into the process.  Site redirects, for example, can pose a major problem.  Some sites can be customized to look real and then redirect you to a malicious site down the road.  Another way is disguising executable files.  For example, http://www.derbydigital.com/picture.com looks like it is just a simple picture.  Most users will see this and think, picture.com, cool!  In this case, the file is not a picture at all: .com is an executable file extension, and the file will execute a viral script on your machine.



Protecting Yourself
Always check your links prior to clicking on them.  If you hold your mouse over a link for a few seconds, it will display the actual address that it will send you to.  If you right click and click “Copy Shortcut”, you can then paste the link into a window to make sure it’s where you intend to go.  If it’s not, that’s a big hint that you should not click on the link, and that you should notify the person immediately.
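The same check can be automated.  The following Python is an added example, not part of the original article: assuming the message is available as HTML, it lists every link’s real destination and flags the two tricks described earlier (address-like link text that points to a different host, and a path ending in an executable extension such as .com).  The names audit_message and LinkCollector, the extension list and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions Windows runs directly; .com is the case the article describes.
EXECUTABLE_EXTS = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd")
# Visible link text that itself looks like a web address, e.g. "www.xanga.com".
URLISH = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)

def _parse(value):  # assume http:// when the scheme is missing
    return urlparse(value if "//" in value else "http://" + value)

def _host(value):  # lower-cased host without a leading "www."
    host = (_parse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> in an HTML-formatted message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_message(html):
    """Return [(href, [warnings])] so the real destination is always visible."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        warnings = []
        if URLISH.match(text) and _host(text) != _host(href):
            warnings.append(f"text shows {_host(text)} but link goes to {_host(href)}")
        if _parse(href).path.lower().endswith(EXECUTABLE_EXTS):
            warnings.append("link path ends in an executable extension")
        report.append((href, warnings))
    return report

# Constructed sample combining the two tricks described in the article.
SAMPLE = ('Hey man, look at this! <a href="http://derbydigital.com/spoof.php">www.xanga.com</a>'
          ' and <a href="http://www.derbydigital.com/picture.com">this picture</a>')
```

A link whose text is an ordinary word, like the “check” example, produces no mismatch warning, so read the reported destination itself rather than relying only on the flags.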


In the past, I have usually recommended that users ask the person in question whether the link is authentic or not.  Recently, viruses have started to talk back to users who chat, so when you ask “Is that a good link?” it will automatically respond “Yea its fine man, no worries!”


Personally, I am now recommending that all customers directly copy and paste links instead of using hyperlinks.  The risk is too great that they will get in a hurry and get spoofed.



Removing AIM Viruses
Viruses transmitted over AIM are very annoying because it is difficult to troubleshoot the problem without the network or computer crashing.  There is a tool called AIMFix that claims to fix all known AIM viruses, and if it doesn’t, all you have to do is e-mail the creator the information and he will add it.  AIMFix can be found here:  http://www.jayloden.com/aimfix.htm


Sometimes, this tool is not sufficient, or the removal isn’t ready right away.  In this situation, you would have to resort to typical virus removal techniques:



  1. Boot into Safe Mode with Network Support

  2. Run Trend Micro Housecall http://housecall.trendmicro.com

  3. Research viruses found

  4. Delete virus files and registry entries as per research

  5. Reboot and test


Helping Friends
Since these viruses are so easily transmitted, it is essential that you help friends who get them.  The first step is to get them off of AIM!  This prevents any further distribution while you are helping them.  Walk them through the removal process either over the phone or on another messaging client.  You can also help prevent future transmissions by pointing them to this guide and getting them educated.  The fewer people who are fooled by this, the slower these viruses spread.


Conclusion
Just a quick recap: please be sure to check your links before clicking on them, and be aware of the situation and how viruses transmit.  By understanding how they work, you can prevent infections from occurring.


Good luck in the continuing effort to keep the internet clean!
