Martin's technology blog – Instant messenger

MSN viruses

posted by Martin Rubli at 14:24

In the last two days I've received viruses over MSN messenger on two different occasions. Both times, they seemed to come from friends of mine. The first one was in the form of the following message and came with a simple link:

Vote for me:
http://22460.vasedrunjinsaterfuns.com/2215/67179/

At the time of this writing the link above still works and downloads a file called vote.zip. The file is not actually a ZIP archive; instead, it's a simple Windows executable. Now, I don't know how people are supposed to be tricked into executing it, because simply double-clicking it obviously won't do any damage, but maybe it has something to do with MSN users' habits of renaming .exe to .zip before sending them?

A scan of the file with the pretty good multi-engine scanner over at Virus Total found a Stration worm, which originated as an e-mail worm and is now apparently broadening its infection horizon.

The second one was a little trickier: it actually managed to infect my boss and a co-worker of mine from whom I then received the following message, immediately followed by an incoming file request for images.zip:

Sup, seen the pictures from the other night?

A few things were obviously suspicious here:

  • My friend just doesn't talk like that. As a matter of fact, few people use uppercase in IM nowadays and I think the last time somebody used "Sup" was last decade. (I may be wrong on the latter one though ...)
  • The file was called images.zip yet contained only a single file. Nobody zips a single image because they can't be compressed anyway, and especially not one of some 40 kB.
  • The "image" that was contained was called IMG34814.pif, with an extension that is more than suspicious, but might slip the eye of someone who hasn't been suspicious up until now.

I can hardly blame the average Joe for becoming infected with the second one, so the blame goes--*fanfare*--to Microsoft for two reasons.

  1. Apparently, the current version of Windows Messenger is scriptable to an extent that is so obviously dangerous that I can't believe the functionality is still in there.

  2. Despite Microsoft proclaiming Vista to be the most secure Windows ever, .pif files are still executed without warning.

The second point is especially grave for a number of reasons. Because of the nature of the PIF file format it does not contain any executable code but only meta information, so it could easily be checked for authenticity. What's worse is that extremely few people have used .pif files ("program information files") after Windows 3.1, so either displaying a very obvious warning message or dropping the registration of the .pif extension altogether would not disrupt anyone.
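The kind of content check described above, applied to both files from this post, as an added example that is not part of the original post: it compares a received file's name with its leading bytes (a Windows executable starts with "MZ" and carries a "PE" signature) and looks inside ZIP archives for runnable members. The function names, the extension list and the sample bytes are assumptions constructed for this example.

```python
import io
import struct
import zipfile

# Extensions Windows launches as programs (assumed list for this example).
RUNNABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}

def ext_of(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def is_pe(data):
    """DOS 'MZ' header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def inspect(name, data):
    """Findings for a received file; an empty list means nothing looked wrong."""
    ext, findings = ext_of(name), []
    if is_pe(data):
        if ext != "exe":
            findings.append(f"{name}: Windows executable behind a .{ext} name")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    head = fh.read(4096)  # header bytes only, no full unpack
                if ext_of(info.filename) in RUNNABLE_EXTS or is_pe(head):
                    findings.append(f"{name}: runnable member {info.filename}")
    elif ext == "zip":
        findings.append(f"{name}: .zip name but not a ZIP archive")
    return findings

def fake_pe():
    """Constructed sample: just enough header bytes to look like a PE file."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

def fake_zip(member, payload):
    """Constructed sample: an in-memory ZIP holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("vote.zip", fake_pe()),
                       ("images.zip", fake_zip("IMG34814.pif", fake_pe()))]:
        print(inspect(name, data))
```
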

If you want to disable .pif files on your system, you can use the following registry change to do so (or download this .reg file and double-click it):

HKEY_CLASSES_ROOT\.pif\(Default) = "piffile_disabled"

Windows Messenger sucks

posted by Martin Rubli at 12:18

To be more precise, it doesn't suck everything. It just sucks certain messages into digital nirvana, notably the ones with links in them.

At some point in the last one or two days my MSN messenger started rejecting or simply eating messages when I sent out links to my friends. Sometimes I would get timeouts, sometimes it looked like the message was sent successfully but the recipient never got it.

Of course, at first I blamed my messenger software because I'm using the generally great Miranda instead of the highly annoying and way too colorful and animated Microsoft client. But a quick test showed that the messages get lost even with the official client.

I'm assuming it's either an anti-virus feature that Microsoft enabled (just yesterday I got a message from a friend--that he never sent--saying "vote for me" and containing a link that wanted me to download some file) or just an accidental feature that Microsoft enabled (a bug in marketing speech). If it's the first one, someone really didn't think very far, and if it's the second one, then I'm just baffled.

Either way, it strengthens my opinion that ICQ is just the better network. They've had some issues as well, especially with login stability, but messages are transmitted a lot more reliably. Obviously that doesn't help me because the rest of the world uses MSN. Yet another proof that the better product doesn't always win.