Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Instant-Messaging Attacks On the Rise

Posted by CmdrTaco on Wed Jan 11, 2006 10:39 AM
from the no-shock-here dept.
Security
Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Instant-Messaging Attacks On the Rise 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Obvious (Score:4, Insightful)

    by heavy snowfall (847023) on Wednesday January 11 2006, @10:44AM (#14445908) Journal
    Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many granny's on AOL run a firewall+spybot+antivirus etc?

    • Re:Obvious (Score:2, Interesting)

      by dc29A (636871)
      Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many granny's on AOL run a firewall+spybot+antivirus etc?

      I doubt it's only AOL. How many non AOL average Joes use a firewall, antivirus and antispamware? The vast majority of home computer users don't give a damn about or are totally clueless about computer security.

      That and everyone and his mother running with a root account so once you g

      • The problem with companies like AOL, EarthLink, etc, is that they give a false sense of security to their users, claiming that they will be protected from everything. Not a day goes by I don't see their stupid TV commercials and feel sick.

        If people want to be really safe using the web, they need to be conscious about their computer and their security. This is a major drag for average users, but there's no other way. Even if the programs that access the web were 100% safe, there are ways of attacking users

    • AOL has implemented a lot of such software in their client software and do more and more scanning inline on opening connections and traffic patterns. I'd guess that helps them out a wee bit.

      AOLs goal has always been to provide a good experience to novice users... they do serve that target market fairly well in terms of providing information and services to those customers.

      PS: Not trying to start a AOL bad-experience thread here. The first paragraph is the important one. The second is just what their obje
    • How many granny's on AOL run a firewall+spybot+antivirus etc?

      Don't limit it to grandmother's in their retirment homes in Florida; most of the general public is none too swift, nowhere more evident than in the tech field. I harp on this all the time. People need to use some god-given common sense, but that's the one thing lacking. There's nothing wrong with using whatever IM system you choose as long as you're smart about it.

    • Didn't you see their new ad? The new and improved AOL blocks all spyware, foils all hackers, and does you up the butt all with a single mouse click!
      • - My grandma doesn't use AOL.
        - She uses linux, user account.
        - iptables, ids.

        I was talking about your average grannies in FL. (Their neigbours are probably the spammers exploiting their boxes..)

  • Simple Fix (Score:3, Funny)

    by jimbolauski (882977) on Wednesday January 11 2006, @10:45AM (#14445916) Journal
    FTA:
        "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"

    When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.


    • What is interesting to me is the number of new users to IM services fall for Bots that chat with them using a perl script or whatever. Now some of the worms using IM are chatting with the users first in order to work better:

      http://news.com.com/New%20IM%20worm%20chats%20with %20intended%20victims/2100-7349_3-5984845.html [com.com]
    • "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"

      When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

      Once AOL start requiring (for 'technical' or even 'security' reasons) a set-top box to place on top of the monitor. This will track the location of the user using an inbuilt digital camera. Every so often it will cause a popup message containing suitably spammy tex

    • Re:Simple Fix (Score:5, Funny)

      by Phisbut (761268) on Wednesday January 11 2006, @11:02AM (#14446054)
      When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

      We've been trying to patch human beings for quite a while now, but they just don't seem to stand still. We'll get to it though.

  • Am I the only one who hasn't noticed it? (Score:5, Interesting)

    by peragrin (659227) on Wednesday January 11 2006, @10:47AM (#14445927)
    I have not seen any such attacks when using my normal IM software. I am constantly connected to AIM but I never recieve such problems. It might have to do with the fact that I use Fire/iChat, or Kopete/Gaim.

    Maybe because my IM client doesn't download and run activeX ads I don't have such problems. The AIM client for Windows doesn't like running in restricted user modes or restricted IE settings on any machine i have installed it on.

    So I would say it's not so much IM problems but more of the same IE/ActiveX security issues that continually plague the world that uses that crap.
    • I think it also depends on your buddy-list. The demographical variation in a buddy-list of your average John Doe or Grandma Doe should be very different from someone posting here on slashdot.
      • A good point. even though my AIM screenname is readily availbe on many webistes and forums, I have to accept messages first.
        • I had a large hand in developing a security policy for my workplace regarding instant messaging. One of the key points in the policy is that all IM software is to be configured to automatically reject unsolicited IMs (i.e. "Only accept messages from people in my buddy list"). Not a great solution if malware infects a user's computer, hijacks the IM client (or just the username/password), and propagates to all of that person's IM buddies. However, most of the IM-based malware also has some portion of its
          • All file transfers must be initiated by user action.

            This seems overly broad. How do you automate internal file transfers with a policy like this? Do you have no operational systems that need to provide data extracts to analysis systems or the like? Or do you allow automated transfer in documented and approved situations?

    • Your assumption that these security are IE/ActiveX related is completely flawed.

      I am a WinGaim user and I have seen a large number of infected AIM profiles and away messages as well as received quite a few "click this" type IMs. The vast majority of these attacks are social attacks. Generally, the malware inserts a "click this" type link that tries to get you to "look at my pictures" or something like that with a link to pictures.gif.pif.

      For IE 6 or FireFox users running on Windows XP with Service Pack 2, t
        • Only partially true.

          IE 6 with SP2 shows "Run" instead of "Open" for executable and then WINDOWS (not IE) displays the prompt I am discussing.

          FireFox simply disables "Open" instead of displaying run, but then shows the download manager which reads "Open" regardless of the file type and if you click that prompts you "Open Executable File?" and even has a "Don't ask me again" check box. You press "OK" (not "Run") to continue.

          Upon further testing... I have discovered that FireFox DOES NOT cause the WINDOWS prom
  • I've seen messages which are supoposedly coming from women who want to "chat". These are most of the time spam. I ignore them, but i think this is a common tactic that is probably used by hacks.

    http://www.stockmarketgarden.com/ [stockmarketgarden.com]
    • Wow your sure? Hot lesbians teenage sluts don't want my hard throbbing cock? I am shocked and here I am trying to enter fake cc details to get a date with them. Sigh, is nothing sacred?

      To be fair wether the parent was joking or not it is sadly true that an awfull lot of people fall for this. No I am not some elite super intelligent person, I just know that the chances of an woman on IM sending naked pictures off herself to geeks is roughly zero. It may happen but not to me.

      Free software is even easier som

      • I just know that the chances of an woman on IM sending naked pictures off herself to geeks is roughly zero

        I've gotten a number of these through my lifetime, and met the girls and nailed em. Probably about 5-10 girls in my eight years of IMing...though most of it was back then...now I look for more substance.

        I think next time i get a phish attempt I will give the girl a fake bank account number....I tried calling the FBI once, but they weren't interested. You would think they would at least try.

  • Just don't use their client (Score:5, Informative)

    by endrue (927487) on Wednesday January 11 2006, @10:50AM (#14445966)

    It is too bad that people are not aware of applications like gaim, trillian, etc. You get all the benefits and fewer risks (not to mention that you avoid all the bolted-on crap that comes with all the default clients).

    We use MSN Messenger at my work and everyone uses the MSN client. Has anyone seen this embarrasment? There is so much crap tacked around the buddy and message windows that it is almost unusable. I am trying to move people over to trillian and it is not hard. Once they see a nice clean UI, they want to use it.

    I guess its time to start educating the masses!

    • Re:Just don't use their client (Score:5, Interesting)

      by Xrikcus (207545) on Wednesday January 11 2006, @10:54AM (#14445997)
      Most people I know (and I mean most, including the geeks - one ex hardcore linux user) prefer the msn client to gaim and so on. They've used gaim and similar clients, they've made the effort, and gone back to the msn client.

      I'm not really sure why... but that is the case.

      • Re:Just don't use their client (Score:2, Insightful)

        by Anonymous Coward
        Well, most people I know think the MSN client is a crufty, bloated piece of shit.

        The plural of "anecdote" is not "data".
    • of course there is allways http://meebo.com/ [meebo.com]meebo too.
    • The problem isn't just with their client (albeit that's the viral spreading half), it's that people are downloading applications by clicking on links. How does a different content protect people from receiving the payload?
      • Your point is valid, however people will click links on webpages and in emails as well. By switching to a generic client you are bypassing the security hassles (i.e. the things that cannot be helped) and you are left with the user having to be responsible just like they have to be on every web-based medium.
    • Trillian isn't that wonderful. It has even worse usability problems than the official MSN client does. Sure it looks a load better, but it took me about 10 mins to figure out how to change my MSN display name (answer: click on the mail icon). Meanwhile I went up about 6 blind alleys, and got very frustrated.

      Trillian is many things, but clean and usable UI it is not.

  • MSN had a 57 percent share of the attacks, AOL had 37 percent and Yahoo had 6 percent

    I do not use msn. But we (myself and my friends in yahoo chat rooms) were annoyed beyond limit by attacks. There are fake sites asking you to enter yahoo passwords and so on. I can imagine what hell msn users must have gone through.

  • I'm not susceptible to IM viruses, ever since my friend X_Cindy_X_12345 IM'd me with this link to a special program I had to install. It prevents any kind of issue with the(##*@JN#IN#F____+++ NO CARRIER

  • Mobile phones (Score:4, Insightful)

    by Rob T Firefly (844560) on Wednesday January 11 2006, @10:56AM (#14446012) Homepage Journal
    This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
  • IM applications are hot attack vectors.

    1. Most instant messenger applications are client dependant. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independant networks such as IRC.

    2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.

    3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.

    It's probably why I avoid IM programs like the plague.
    • While it may be a hot attack vector, I don't see why it's an infection problem in the corporate world. Everything depends on the user being able to download & execute the payload. If it's a home user, there aren't may protections in place to save them. In a corporate environment, downloads should be filtered to begin with. This prevents the vast majority of spyware encountered while browsing the web from being installed. It would also prevent users from downloading viral payloads linked to them tho

  • Phishing (Score:3, Informative)

    by AviLazar (741826) on Wednesday January 11 2006, @11:03AM (#14446061) Journal
    I still get a lot of these. Someone will message me, with PISS poor english...claim they are from the US and abroad (or in one instance...a girl from England who lives in the US but is visiting her family). Sends me some model pictures and talks to me...within hours telling me how she loves me and thinks there is something special...it usually lasts about two weeks---hey I do get bored playing CS -- and at least I am keeping those clowns busy.

    It's amazing, and there is really nothing we can do about these idiots except hope people won't be stupid enough to send them money. In the end, it is the old scams "I am from war torn country, send me account number so I give you 10 million..."

  • Microsoft market leader.. again! (Score:3, Interesting)

    by naelurec (552384) on Wednesday January 11 2006, @11:12AM (#14446136) Homepage
    MSN experienced the largest number of IM security incidents in both 2004 and 2005

    So they have over 50% of the market on IM security incidents .. go Microsoft!

    Just curious, what is their marketshare for IM? I tried looking it up w/o success.
  • Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
    • I don't like those ads in the bottom of my chat window on ICQ. Plus it's a rather large download for just an instant messenger (not counting ICQ Lite here, folks)

      You should try Camfrog. Does instant messaging, has neato features like privacy mode (Not on the contact list, they can't contact you, period) and it's one-on-one videoconferencing is practically second to none. It's free (Pro version is like.. 50 bucks or something, and for your needs, it's not worth it) and it's fast, and a 2.4 meg download.
  • sxybtrfly99: So you like my personality, I can send you a photo.
    manstud45: Yeah, U R totally cool, I really like chatting w/U. Can IM me the pic?
    sxybtrfly99: Sure, right away. I have something I have 2 tell U. ;)
    manstud45: It's kool, Im sure I can handle it :)
    sxybtrfly99: I sent U my photo. Bi the way, did U ever see the movie "The Crying Game"?
    manstud45: What is this?!?!? WHAT HAVE YOU DONE??? MY PC IS ALL MESSE
  • Hey, this is an interesting article. Anyone who wants to discuss it hit me up on UIN 5050554. Oh wait... nevermind. I forgot that someone jacked my password and changed it last year! I had a low number you skank! Anyway, if you have my password, please place it on my desktop in a text file at 153.145.2.302 Thanks
    • Thank God for IRC

      Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?

      (egad, writing like that was a terrible strain, even if only for a few sentences... how do the aolam3rz manage it?)

      • Re:IRC, you say?... (Score:4, Funny)

        by ZiakII (829432) * <halfwarr@gmail.cNETBSDom minus bsd> on Wednesday January 11 2006, @10:54AM (#14445989)
        Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?

        OMGZ I just pwned some guy yesterday mebe it was u?, haha what a n00b he told me his IP was 127.0.0.1 and I used some 1337 program to pwn his comp and now I have full permission to do it, I think I'll start deleteing his files. LOLZ!

        • Re:IRC, you say?... (Score:4, Informative)

          by Cyberax (705495) on Wednesday January 11 2006, @01:02PM (#14447086)
          Almost everyone knows that 127.0.0.1 is a loopback address.

          But it is not widely known that ANY 127.x.x.x address is loopback. So you can have a lot of fun asking to attack, say 127.3.44.165 :)
      • Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?

        Y wud any1 wnt 2 rite lyk tht?

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.