• Yager Bell Tower, Hartwick College
  • Hartwick students working on a project in class.
  • Hartwick students studying rock formations
  • Hartwick students giving a presentation in front of the class.

New Instant Messaging (IM) Threats

The Technology Resource Center has received reports of attacks against users of AOL IM on our campus.

  • One reported attack, the W32/Sdbot-ADD malware bundle, spreads through links sent by spoofed or infected buddies. The malware installs adware and a “rootkit” that allows your computer to be controlled remotely and may disable antivirus programs. Although the worm only infects Windows users, Macintosh users may receive messages from infected buddies. They should notify those buddies of the potential infection.

    Two other IM worms to watch out for:
  • IM.Myspace04.AIM worm sends a message from a screen name on your buddy with a link to a Web site. It then sends a follow-up message, "lol no its not its a virus." It also installs software that allows your computer to be controlled remotely and disables antivirus programs.
  • A third worm, W32/Aimdes.E, spreads by getting users to click on a link to what appears to be a holiday card, but is in fact an executable file.

These worms spread by sending greetings to users on your buddy lists. New threats are also emerging against other instant messaging clients such as MSN and Yahoo, and against IRC.

What is Hartwick doing to protect my computer?
Every Hartwick-issued computer, including student laptops, will have Symantec Antivirus installed. When you are connected to Hartwick’s network new virus definitions are automatically “pushed” out to any computer that has a working copy of Hartwick’s version of Symantec Antivirus software. However, instant messaging users should use extreme caution when clicking on links from within IM.

These worms can disable antivirus software. Technology Services recommends you use the online scanner at: http://housecall.trendmicro.com to check out your computer. If this scanner does find your computer is infected with malicious software, contact the Technology Services Center, Clark 1st floor, x4357. The TSC can assist in removing the malicious software and re-installing a working copy of Symantec Antivirus software. Keep in mind the longer you wait to have your computer looked at the more users you can be potentially infecting--especially if you do not have working Antivirus software!

What can I do to protect myself?
To protect yourself against malicious software that spreads through instant messaging programs, remember the following:

  • NEVER click on a link in an instant message without asking the person who sent it to you what it is, particularly if the message is unsolicited!
  • If you receive an instant message from someone on your buddy list that they don't remember sending, warn them that they may be infected.
  • If you accidentally visit a link that you suspect may have contained malware, stay off your instant messaging client until you have scanned your computer for viruses in order to prevent your computer from infecting the people on your buddy list.
  • Be very cautious with executable (.exe, .com) files! If someone tells you to check out a picture with a file name that ends in ".exe or .com", don't open it! Pictures never have file names that end in .exe or .com, and executable files could potentially be any kind of malicious software!
  • Keep your Anti-Virus software updated with the most current patches and virus definitions.

For more information:
You can read more about these new IM threats at