Google Talk Users Tricked By A Misleading Video Link

Many lovers of Google Talk—a commonly used instant messaging client and procrastination method for students—received an unwelcome surprise yesterday as they were bombarded with messages propagated by an internet worm.

The messages directed users to ViddyHo.com—which asked visitors to provide login information for their Google Talk accounts—through a TinyURL.com link. The worm then used that information to send replicas of the message to contacts listed on the newly-infected user’s Google Talk account.

ViddyHo.com has been linked to Hoan Ton-That of San Francisco through online registration information for the site.

TinyURL.com allows users to give a long Web site link a short alias, which can help hide the link’s true destination.

“I feel really dumb for doing it,” said Sarah H. Arshad ’09, who entered her user name and password only to see a random, nonsensical video appear on her screen.

“I mean, it’s funny because I instinctively felt I shouldn’t be doing it, but I clearly did it anyway. I should know better by now,” Arshad said. “It’s never happened [to me] before, but it’s common sense not to put your password and login on a site that’s not Gmail.”

Nicholas A. Smith ’09—who received the worm’s message from Arshad—said he clicked the link and entered his login information without thinking because she often sends him video links and because the site looked “legit.” But he quickly grew suspicious after 20 or 30 seconds.

“It started seeming a little fishy because it was taking a long time to load, and I started to ask myself, ‘What site is this anyway?’” Smith said. He said that the worms’ victims can rectify the issue by clearing their browser cookies, changing their Gmail passwords, and restarting their browsers. ViddyHo.com also appears to have been taken offline.

The inconvenience came on the same day that side effects from Google’s routine technical maintenance work left millions of Gmail users without service for over two hours. This was the worst outage to date for Gmail, which serves 113 million users worldwide, according to the Financial Times.

Joshua A. Kroll ’09, former president of the Harvard Computer Society, said users should take care not to click on unfamiliar links. He also said that TinyURL.com includes a preview feature that can give Web surfers an indication of the link’s actual destination.

—Staff Writer Peter F. Zhu can be reached at pzhu@fas.harvard.edu.