Screaming Penguin - Source Does Matter

Beware the free porn on IM? CERT has issued an advisory dealing with the recent rise of social engineering attacks perpetrated through IM by malicious users offering porn, anti-virus, music and more. Actually these attacks are pretty clever.

Basically the malicious user sends an IM saying ' Hey man, get free pr0n right here at this URL, its a backdoor! - insert url ' or something of the sort. The some clowns that use IM CLICK ON IT. Then malicious code is installed on the users computer and is later used as a base for other attacks or even in a DDoS attack! Thats the clever part.

The moral, dont run software on your computer from an unknown source. (Seems really silly to have to say that out loud, or type it, but people just dont get it.)

Here is an excerpt from the advisory:

Reports received by the CERT/CC indicate that intruders are using automated tools to post messages to unsuspecting users of IRC or IM services. These messages typically offer the opportunity to download software of some value to the user, including improved music downloads, anti-virus protection, or pornography. Once the user downloads and executes the software, though, their system is co-opted by the attacker for use as an agent in a distributed denial-of-service (DDoS) network. Other reports indicate that Trojan horse and backdoor programs are being propagated via similar techniques.

For more info see the linked advisory itself.

  Social Engineering Attacks via IRC and Instant Messaging: CERT IM Alert