password stealers

Anyone ever hear or possibly get an E-mail that warned you about having your password stolen by answering an instant message? I don’t see how this could ever happen, so I think it is just someones stupid prank. Anyone know for certain?

It has to be a prank. There’s no way an Instant Message could do anything to your system, as it is just a form of e-mail.

Does IM have file PPP transfer capability like ICQ does? If so, then you are free to accept executable files from persons unknown and tie your own noose. I don’t see any way for malicious files to get in to your machine unless you invite them in by not being sufficiently skeptical & scanning all .exe (& others, see below) files you accept via any means, whether it be IM or e-mail.

Remember how your parents used to tell you “never take candy from strangers?” Well the Internet version of that warning is “never run an executable file from a stranger”. Common examples of executables are those with file extensions such as EXE, COM and BAT (DOC files could have embedded macros that might be nasty, too). If you get a file with any of those extensions, then look out- you could be putting yourself at risk. Other files with extensions like TXT, JPG, GIF, AVI, MPG, WAV and so on are not executable file types, they are data type files and perfectly safe to open. Until you allow code to RUN, it is harmless. So to be safe, don’t run executable code unless it comes from a reputable source (e.g. TuCows, Download.Com, etc.).

Update on the reputable source angle: it has recently become possible for malicious attachments to arrive in your in box (apparently) from people you know & trust. A good friend sent me an email a few days ago and I noticed that the happy99.exe file was attached. Since this bug has been around the block a couple hundred thousand times, I was quick to delete it at once, but I had to call the guy and ask him why he attached that file. Turns out that he didn’t attach it, it attached itself somehow.

So the safest course of action seems to be to never open any .exe, .bat, .com or .doc attachments unless you are explicitly expecting them. If you’re not sure, save it in your in box without opening it, and send the author a note asking what the nature of the attachment is. If you get no response or he says he didn’t send anything with an attachment, purge that puppy promptly.

Sorry I got a little long-winded here, but I’ve done too many system recoveries lately that could have easily been prevented if the operator had a little virus sense.

Thats quite alright, I am glad for the reassurance. I am not the brightest bulb when it comes to computers, but I always thought that you could not get a virus or your password stolen without downloading and executing some program. I had to ask, because a friend of mine asked me the same question, and we wanted to hear more on the subject… its a shame though, that some people actually believe this stuff and grow a sense of fear just by reading their mail.