Instant Messaging Worm Traced

UPDATED Feb. 25 at 1:20 a.m.

A Crimson investigation has connected ViddyHo.com—the site responsible for an instant messaging worm that spread Tuesday—to an online account belonging to San Francisco man Hoan Ton-That.

The worm struck many Harvard students who received messages on Google Talk, Google’s instant messaging client, directing them to click on a link that led via TinyURL.com to ViddyHo.com.

ViddyHo.com asked visitors to log into their Google Talk accounts. The site used the log-in information to perpetuate the worm by sending replicas of the original message to the users’ contact lists.

An archived copy of the registration information for ViddyHo.com lists Cam-Hoan Ton-That of San Francisco and HappyAppy Inc. as the registrant.

The site Venture Hacks lists Hoan Ton-That as the sole member of HappyAppy Inc, a relationship that was confirmed by Hoan’s lawyer, Andre Gharakhanian of Silicon Legal Strategy.

Gharakhanian said he was aware of the ViddyHo.com worm because of a post on the tech gossip blog ValleyWag but said that, to his knowledge, Ton-That was not involved.

ViddyHo.com was inaccessible after 7:50 p.m. Tuesday night, and a representative of Afraid.org, a site involved in the hosting of ViddyHo.com, confirmed that the site’s account was suspended for violating Afraid.org’s terms of service.

Hoan had not returned repeated requests for comment Tuesday night.

The Crimson reported late Tuesday on a less direct connection between Ton-That and the worm.

—Staff writer Daniel C. Carroll can be reached at carroll@fas.harvard.edu.

SEE EARLIER STORY BELOW

A Crimson investigation has connected ViddyHo.com, the site responsible for an instant messaging worm that spread Tuesday, to an online account belonging to San Francisco man Hoan Ton-That.

The worm struck many Harvard students who received messages on Google Talk, Google’s instant messaging client, directing them to click on a link that led via TinyURL.com to ViddyHo.com.

ViddyHo.com asked visitors to log into their Google Talk accounts. The site used the log-in information to propagate the worm by sending replicas of the original message to the users’ contact lists. The account information may have been stored and used to access accounts by the owner of ViddyHo.com.

An account name HappyAppy was linked to both ViddyHo.com and the Web site HappyAppyInc.com—a site that shares the name of Hoan Ton-That’s company HappyAppy Inc.

The two sites were connected through their shared username on Afraid.org. Both used the site as a free name server. A name server works like a phone book to look up an IP address for a domain name, for example, 74.125.19.99 for Google.com.

The registry on Afraid.org showed that user HappyAppy created the record for ViddyHo.com seven days ago. The same user had also created a record on Afraid.org for the site www.happyappy.inc about a year ago.

The site Venture Hacks lists Hoan Ton-That as the sole member of HappyAppy Inc, a relationship which was confirmed by Hoan’s lawyer, Andre Gharakhanian of Silicon Legal Strategy.

Gharakhanian said he was aware of the ViddyHo.com worm because of a post on the tech gossip blog ValleyWag but said that, to his knowledge, Ton-That was not involved.

Afraid.org representative Joshua Anderson confirmed that user HappyAppy was suspended Tuesday for violating the site’s terms of service, and the records for ViddyHo.com and HappyAppyInc.com on Afraid.org have been deleted, leaving both sites inaccessible.

Hoan has not returned repeated requests for comment Tuesday night.

—Staff writer Daniel C. Carroll can be reached at carroll@fas.harvard.edu.