[asterisk-users] Asterisk Viruses?

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sat Mar 24 08:20:52 MST 2007


Hi

On Sat, Mar 24, 2007 at 09:21:01AM -0400, Matthew Rubenstein wrote:
> 	The Skype network is circulating a virus that has appeared there
> before:
> http://www.informationweek.com/news/showArticle.jhtml?articleID=198500135 . 
> The virus sends a URL to other Skype users in the infected user's 
> contacts, which the target Skype displays as clickable. Clicking 
> downloads the virus. 

This is not a "skype virus" per se. Skype's instant messaging is used
to transfer the URL of the file. According to the description, the user
even has to confirm the execution of the program.

If there is an issue here it is with the user interface of the client
program or with other parts of the client system. No inherent feature of
Skype's protocol is used here.

Otherwise it is yet another variation of the "stupid programmer
virus" ("I'm a programmer from ___. In my country we're still primitive
and don't know how to write viruses. So when you get this message, please
delete some important files and send this message to all the people in
your contacts list").

Variations on this theme have been available for just about any instant
messaging service.

> Asterisk supports features like these, 

Sadly, not enough,

> in combination with certain 
> clients (which aren't themselves Asterisk), including IM and URL 
> redirection. Any reports of this kind of attack on Asterisk itself, 
> or using Asterisk to support those potentially vulnerable clients? 

This is a purely client issue. Asterisk cannot be expected to filter
URLs passing through it (and even if someone would be foolish enough to
try to do that, there are enough ways around this. Not the least of them
is some trivial javascript redirection).

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

