Security

Instant-Messaging Attacks On the Rise 151

Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
This discussion has been archived. No new comments can be posted.

  • Obvious (Score:4, Insightful)

    by heavy snowfall ( 847023 ) on Wednesday January 11, 2006 @10:44AM (#14445908) Journal
    Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many grannies on AOL run a firewall+spybot+antivirus etc?
    • Re:Obvious (Score:2, Interesting)

      by dc29A ( 636871 )
      Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many grannies on AOL run a firewall+spybot+antivirus etc?

      I doubt it's only AOL. How many non-AOL average Joes use a firewall, antivirus and antispamware? The vast majority of home computer users don't give a damn about or are totally clueless about computer security.

      That and everyone and his mother running with a root account so once you g
      • The problem with companies like AOL, EarthLink, etc, is that they give a false sense of security to their users, claiming that they will be protected from everything. Not a day goes by I don't see their stupid TV commercials and feel sick.

        If people want to be really safe using the web, they need to be conscious about their computer and their security. This is a major drag for average users, but there's no other way. Even if the programs that access the web were 100% safe, there are ways of attacking users

    • AOL has implemented a lot of such software in their client software and do more and more scanning inline on opening connections and traffic patterns. I'd guess that helps them out a wee bit.

      AOL's goal has always been to provide a good experience to novice users... they do serve that target market fairly well in terms of providing information and services to those customers.

      PS: Not trying to start an AOL bad-experience thread here. The first paragraph is the important one. The second is just what their obje
    • How many grannies on AOL run a firewall+spybot+antivirus etc?

      Don't limit it to grandmothers in their retirement homes in Florida; most of the general public is none too swift, nowhere more evident than in the tech field. I harp on this all the time. People need to use some god-given common sense, but that's the one thing lacking. There's nothing wrong with using whatever IM system you choose as long as you're smart about it.

    • Re:Obvious (Score:3, Funny)

      by ozydingo ( 922211 )
      Didn't you see their new ad? The new and improved AOL blocks all spyware, foils all hackers, and does you up the butt all with a single mouse click!
    • Any granny with aol 9 has a firewall and antivirus. Now they may be bad ones. AIM exploits are NOT limited to aol customers though. Aol and third parties make AIM clients for the general public as well. That's the real target area. Hell every mac ships with an AIM client (iChat).

      The trick here is to watch what the 12 year olds are using. They will click on anything and prefer IM conversations to email like my generation and phones like my parents' generation. I run an et clan and most of my members us
  • Simple Fix (Score:3, Funny)

    by jimbolauski ( 882977 ) on Wednesday January 11, 2006 @10:45AM (#14445916) Journal
    FTA:
        "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"

    When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

    • Re:Simple Fix (Score:3, Informative)

      by randyflood ( 183756 )

      What is interesting to me is the number of new users to IM services fall for Bots that chat with them using a perl script or whatever. Now some of the worms using IM are chatting with the users first in order to work better:

      http://news.com.com/New%20IM%20worm%20chats%20with%20intended%20victims/2100-7349_3-5984845.html [com.com]
    • "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"

      When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

      Once AOL start requiring (for 'technical' or even 'security' reasons) a set-top box to place on top of the monitor. This will track the location of the user using an inbuilt digital camera. Every so often it will cause a popup message containing suitably spammy tex

    • by Phisbut ( 761268 ) on Wednesday January 11, 2006 @11:02AM (#14446054)
      When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

      We've been trying to patch human beings for quite a while now, but they just don't seem to stand still. We'll get to it though.

      • Think stapleguns. They don't have to be standing nearly as still.
      • When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.

        We've been trying to patch human beings for quite a while now, but they just don't seem to stand still. We'll get to it though.

        and to reboot them is very expensive and very risky...
  • A friend of mine was bothering me the other day. He runs Linux and thinks he's impervious to most virus attacks. Anyway, I opened up the binary of a Linux program I wrote that simply displays "LOL" over and over again, copied and pasted it into an IM window to him. Lo and behold, his computer started sending me back "LOL" as an instant message, over and over again!

    So, the moral of this story is that even if you run Linux, you're still susceptible to IM worms and attacks. My friend certainly was.
    • by Anonymous Coward
      you lying sack of shit
      • by Anonymous Coward
        I find this very offensive, Mr. Coward. I am going to contact CmdrTaco, get your IP and turn it in to the authorities - trolling is ILLEGAL in the United States now. Didn't you read this story [slashdot.org]?
  • by peragrin ( 659227 ) on Wednesday January 11, 2006 @10:47AM (#14445927)
    I have not seen any such attacks when using my normal IM software. I am constantly connected to AIM but I never receive such problems. It might have to do with the fact that I use Fire/iChat, or Kopete/Gaim.

    Maybe because my IM client doesn't download and run ActiveX ads I don't have such problems. The AIM client for Windows doesn't like running in restricted user modes or restricted IE settings on any machine I have installed it on.

    So I would say it's not so much IM problems but more of the same IE/ActiveX security issues that continually plague the world that uses that crap.
    • I think it also depends on your buddy-list. The demographical variation in a buddy-list of your average John Doe or Grandma Doe should be very different from someone posting here on slashdot.
      • A good point. Even though my AIM screenname is readily available on many websites and forums, I have to accept messages first.
        • Security Policy (Score:3, Informative)

          by guitaristx ( 791223 )
          I had a large hand in developing a security policy for my workplace regarding instant messaging. One of the key points in the policy is that all IM software is to be configured to automatically reject unsolicited IMs (i.e. "Only accept messages from people in my buddy list"). Not a great solution if malware infects a user's computer, hijacks the IM client (or just the username/password), and propagates to all of that person's IM buddies. However, most of the IM-based malware also has some portion of its
          • Re:Security Policy (Score:2, Insightful)

            by ichimunki ( 194887 )
            All file transfers must be initiated by user action.

            This seems overly broad. How do you automate internal file transfers with a policy like this? Do you have no operational systems that need to provide data extracts to analysis systems or the like? Or do you allow automated transfer in documented and approved situations?

            • But if you have a need for an automated file transfer, why would you do it over an IM client?
            • It works the same way any real security policy does, I'd guess.

              That's the policy. Then exceptions are written as needed. This is pretty easy as there is a difference between a ftp between two OpenBSD servers and somebody accepting, by default, whatever crap anybody on the net throws at their IM client.

              A good security policy is *very* restrictive but has a built in mechanism for exceptions where and when they make sense. Again having a clued up admin or three in the loop is critical.
          • ...which will read to your non-IT staff as: bla bla foo bar bla. I don't think, they will understand the correlation between IM-file transfer and P2P networking. For them P2P = napster. ICQ= OK.
          • Agreed. Unsolicited messages should be removed from all IM systems, period.

            However, GAIM seems to ignore (or unable to set on the server) the setting for "ignore everyone but my buddy list" on ICQ. In both Windows and Linux, you can set this, but it resets within a short period of time.

            Haven't seen any malware yet, but the typical "ASL??" messages are annoying.

            Anyone have any ideas? Googling doesn't seem to indicate that anyone else has this problem.
    • Your assumption that these security are IE/ActiveX related is completely flawed.

      I am a WinGaim user and I have seen a large number of infected AIM profiles and away messages as well as received quite a few "click this" type IMs. The vast majority of these attacks are social attacks. Generally, the malware inserts a "click this" type link that tries to get you to "look at my pictures" or something like that with a link to pictures.gif.pif.

      For IE 6 or FireFox users running on Windows XP with Service Pack 2, t
      • I would agree with you if MS always displayed the full file name including the real extension and never truncated the extension. Most users have NO clue what the dialog box means, they just know that a file ending in ".gif" means that the file is a picture and that they are being asked if they really want to see the picture. Why should they care that the picture came from an untrusted and unsigned source?
        • What makes you think that ".gif.pif" is any better? The dialog calls the file "a program". Even if a user knows that .gif means it is a picture, who says they know that .pif is an executable and not some other image format? Besides, the only time Windows truncates the extension is when you have "hide extensions for known file types" enabled (the default) and if this is something you don't know anything about then you've probably never seen .gif and don't know that it is an image anyway.

          The fact is that the
          • If the file name were presented as "pictures.gif.pif" instead of "pictures.gif", the file name no longer ends in "gif" which many people associate with picture files. I don't know how many users would notice the difference, but at least the file name doesn't end in an extension that most users know as indicating a picture file. Aunt Martha and Joe Sixpack don't know the difference between program files and picture files; the distinction of clicking on "run" instead of "yes" or "OK" is totally lost on th
      • For IE 6 or FireFox users running on Windows XP with Service Pack 2, this results in a dialog indicating that you are about to run an application that came from an untrusted and unsigned source. STILL users click "run" on this dialog.

        Firefox doesn't offer this feature for that exact reason.
        • Only partially true.

          IE 6 with SP2 shows "Run" instead of "Open" for executable and then WINDOWS (not IE) displays the prompt I am discussing.

          FireFox simply disables "Open" instead of displaying run, but then shows the download manager which reads "Open" regardless of the file type and if you click that prompts you "Open Executable File?" and even has a "Don't ask me again" check box. You press "OK" (not "Run") to continue.

          Upon further testing... I have discovered that FireFox DOES NOT cause the WINDOWS prom
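The "pictures.gif.pif" naming trick discussed in the comments above can be checked mechanically before a link or attachment ever reaches a user. The following is an added example, not code posted by anyone in this thread; the extension lists, function names and sample messages are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import unquote, urlsplit

# Extensions Windows runs directly; .pif and .scr are the ones named in the thread.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Extensions users read as "picture or document" (assumed list for this example).
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".txt", ".doc", ".pdf"}
URL_RE = re.compile(r"https?://\S+")

# Constructed sample IM messages (not real traffic).
SAMPLE_MESSAGES = [
    "hey look at my pictures http://example.invalid/pictures.gif.pif",
    "lunch? menu is at http://example.invalid/menu.pdf",
    "new photo http://example.invalid/album/photo.jpg%20%20%20.scr",
]


def filename_from_link(link):
    """Return the last path component of a URL or bare file name, percent-decoded."""
    path = urlsplit(link).path if "://" in link else link
    name = unquote(path).replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when it opens a file.
    return name.rstrip(". ")


def classify(link, hide_known_exts=True):
    """Describe what a file really is versus what the user is shown.

    hide_known_exts models the "hide extensions for known file types"
    default mentioned in the thread.
    """
    name = filename_from_link(link)
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    # Padding spaces before the real extension must not hide the decoy one.
    inner = os.path.splitext(stem.rstrip())[1].lower()
    executable = ext in EXECUTABLE_EXTS
    known = executable or ext in DECOY_EXTS
    return {
        "name": name,
        # Trailing padding is invisible to the user, so it is dropped here.
        "shown": stem.rstrip() if (hide_known_exts and known) else name,
        "executable": executable,
        "deceptive": executable and inner in DECOY_EXTS,
    }


def flag_message(text):
    """Return a verdict for every link in one IM message that points at an executable."""
    verdicts = [classify(url) for url in URL_RE.findall(text)]
    return [v for v in verdicts if v["executable"]]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for v in flag_message(msg):
            kind = "DECEPTIVE" if v["deceptive"] else "executable"
            print(f"{kind}: real name {v['name']!r}, shown as {v['shown']!r}")
```
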
    • If you haven't seen it that means all of your friends have common sense and enough knowhow so as not to click on everything they see.
  • I've seen messages which are supposedly coming from women who want to "chat". These are most of the time spam. I ignore them, but I think this is a common tactic that is probably used by hacks.

    http://www.stockmarketgarden.com/ [stockmarketgarden.com]
    • Wow, you're sure? Hot lesbians teenage sluts don't want my hard throbbing cock? I am shocked and here I am trying to enter fake cc details to get a date with them. Sigh, is nothing sacred?

      To be fair, whether the parent was joking or not, it is sadly true that an awful lot of people fall for this. No I am not some elite super intelligent person, I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero. It may happen but not to me.

      Free software is even easier som

      • I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero

        I've gotten a number of these through my lifetime, and met the girls and nailed em. Probably about 5-10 girls in my eight years of IMing...though most of it was back then...now I look for more substance.

        I think next time i get a phish attempt I will give the girl a fake bank account number....I tried calling the FBI once, but they weren't interested. You would think they would at least try.
    • You are very wise to recognise that if you are a geek and some hot chick starts hitting on you, there is probably a hidden agenda. Either that, or answering those penis enlargement spams is finally paying off.
    • I recently set my 11 yr old nephew up with GAIM. With the normal warnings about safety and responsibility came my sage warning:

      "If someone claiming to be a hot babe wants you to chat or look at pictures, keep in mind she is not hot, and not even female."

      Will he pay heed to my warnings? Probably, because if he fscks up the computer he'll get IM and other luxuries taken away.
  • by endrue ( 927487 ) on Wednesday January 11, 2006 @10:50AM (#14445966)

    It is too bad that people are not aware of applications like gaim, trillian, etc. You get all the benefits and fewer risks (not to mention that you avoid all the bolted-on crap that comes with all the default clients).

    We use MSN Messenger at my work and everyone uses the MSN client. Has anyone seen this embarrassment? There is so much crap tacked around the buddy and message windows that it is almost unusable. I am trying to move people over to trillian and it is not hard. Once they see a nice clean UI, they want to use it.

    I guess it's time to start educating the masses!

  • Why pussy sucks. (Score:1, Flamebait)

    by slashpot ( 11017 )
    A new girlfriend insisted on installing MSN, AIM, and Yahoo Messenger on my home xp machine this weekend - I can't stand that shit. Now there's like four freaking toolbars and constant door slamming sounds emanating from my computer. Talk about a reason to switch to linux at home...
  • MSN had a 57 percent share of the attacks, AOL had 37 percent and Yahoo had 6 percent

    I do not use msn. But we (myself and my friends in yahoo chat rooms) were annoyed beyond limit by attacks. There are fake sites asking you to enter yahoo passwords and so on. I can imagine what hell msn users must have gone through.

  • by 192939495969798999 ( 58312 ) <info AT devinmoore DOT com> on Wednesday January 11, 2006 @10:54AM (#14445992) Homepage Journal
    I'm not susceptible to IM viruses, ever since my friend X_Cindy_X_12345 IM'd me with this link to a special program I had to install. It prevents any kind of issue with the(##*@JN#IN#F____+++ NO CARRIER
  • Mobile phones (Score:4, Insightful)

    by Rob T Firefly ( 844560 ) on Wednesday January 11, 2006 @10:56AM (#14446012) Homepage Journal
    This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
    • Huh? Most people I know with "Instant Messengers" on their phones ARE using third party applications, these are also often written in Java, so are secure from the rest of the phone anyway, although, without actual research, I am not sure on the details, although I am reasonably certain a short amount of Googling will yield some open source, Java based cell phone IM clients.
  • by Torinir ( 870836 ) <torinir@@@gmail...com> on Wednesday January 11, 2006 @11:00AM (#14446040) Homepage Journal
    IM applications are hot attack vectors.

    1. Most instant messenger applications are client dependent. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independent networks such as IRC.

    2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.

    3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.

    It's probably why I avoid IM programs like the plague.
    • While it may be a hot attack vector, I don't see why it's an infection problem in the corporate world. Everything depends on the user being able to download & execute the payload. If it's a home user, there aren't many protections in place to save them. In a corporate environment, downloads should be filtered to begin with. This prevents the vast majority of spyware encountered while browsing the web from being installed. It would also prevent users from downloading viral payloads linked to them tho
  • Phishing (Score:3, Informative)

    by AviLazar ( 741826 ) on Wednesday January 11, 2006 @11:03AM (#14446061) Journal
    I still get a lot of these. Someone will message me, with PISS poor english...claim they are from the US and abroad (or in one instance...a girl from England who lives in the US but is visiting her family). Sends me some model pictures and talks to me...within hours telling me how she loves me and thinks there is something special...it usually lasts about two weeks---hey I do get bored playing CS -- and at least I am keeping those clowns busy.

    It's amazing, and there is really nothing we can do about these idiots except hope people won't be stupid enough to send them money. In the end, it is the old scams "I am from war torn country, send me account number so I give you 10 million..."

  • by mqduck ( 232646 )
    MSN experienced the largest number of IM security incidents in both 2004 and 2005

    *shock*, *SHOCK!*
  • A significant part of the problem is the user base for these chat clients. AIM/MSN/YAHOO attract teens and college students who are not as knowledgeable as they should be when it comes to viruses, etc that can be distributed through IMs. Teens (the general masses) click just about anything and everything...the fact it is from a friend only increases the chances they will click a link.

    Novice users will most likely have to fall victim to this sort of thing before they are able to prevent it from happening. I
    • I'm not so sure it's Teens as much as stupid people.
      I actually found in my old tech repair days (in a major college town) that adults were more likely to click anything that popped up in front of them. Probably due to panic (or in some cases, randiness). In general, they seem much less tech-savvy, and while teenagers had the same kind of problems, it was less frequent, and often due to the user being a sports scholarship ;) Now, of course it wasn't rare, but such a large population has, well, shall we say,
  • by naelurec ( 552384 ) on Wednesday January 11, 2006 @11:12AM (#14446136) Homepage
    MSN experienced the largest number of IM security incidents in both 2004 and 2005

    So they have over 50% of the market on IM security incidents .. go Microsoft!

    Just curious, what is their marketshare for IM? I tried looking it up w/o success.
  • Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
    • I don't like those ads in the bottom of my chat window on ICQ. Plus it's a rather large download for just an instant messenger (not counting ICQ Lite here, folks)

      You should try Camfrog. Does instant messaging, has neato features like privacy mode (Not on the contact list, they can't contact you, period) and it's one-on-one videoconferencing is practically second to none. It's free (Pro version is like.. 50 bucks or something, and for your needs, it's not worth it) and it's fast, and a 2.4 meg download.
    • There's no need to worry about virii or trojans on ICQ since nobody uses it anymore! That being said, I do miss the golden days of ICQ. Amongst my friends, I was the last holdout against the IM machine, but it just became so lonely being the only one online with ICQ.
    • Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.

      Tell that to the customer whose computer is currently on my desk. In its time (a few hours) sitting here, TRYING to get it to scan for adware/malware, I've had to close at least 30 message request/add to buddy request windows. I clicked to view a few, out of curiosity, and they
      • The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IM's from users on my list.
        • The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IM's from users on my list.

          You are a bit confused. My number is in the low 10 millions, not the 1's. :)

          Strange enough, however, is that a few contacts I did have in the list are gone now (Save for my ex-roomie and his current "live-in" girlfriend).

      • Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)

        You might just be spammed to death at home :(
        • Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)

          You might just be spammed to death at home :(


          I'll have to check it. I haven't used that account since I moved away from SoCal over 5 years ago, so whoever lives there now is the one that might get spammed to death. :)

  • sxybtrfly99: So you like my personality, I can send you a photo.
    manstud45: Yeah, U R totally cool, I really like chatting w/U. Can IM me the pic?
    sxybtrfly99: Sure, right away. I have something I have 2 tell U. ;)
    manstud45: It's kool, Im sure I can handle it :)
    sxybtrfly99: I sent U my photo. Bi the way, did U ever see the movie "The Crying Game"?
    manstud45: What is this?!?!? WHAT HAVE YOU DONE??? MY PC IS ALL MESSE
  • I am connected to AIM and MSN all day every day and I have NEVER had a problem with any sort of attack. If you ask me, this falls under the same realm of thought as spyware: use caution. If the site looks/sounds the least bit untrustworthy, don't go to it. Practice safe browsing habits and you will be fine. Same goes with IM, don't accept file transfers from users you don't know. Or better yet, don't talk to users you don't know. Problem solved. I watch where I go on the internet and who I talk to and that's
  • Hey, this is an interesting article. Anyone who wants to discuss it hit me up on UIN 5050554. Oh wait... nevermind. I forgot that someone jacked my password and changed it last year! I had a low number you skank! Anyway, if you have my password, please place it on my desktop in a text file at 153.145.2.302 Thanks
  • Have any of you? Just curious. It can be from a stupid social engineering.
  • How to keep out IMs? (Score:2, Informative)

    by DrVomact ( 726065 )
    I am the "admin" for my family network (4PCs, connected via router, 1 WPA-PSK secured wireless connection to the router) and I try my best to keep things running smoothly and securely. A couple of months ago, my 15 year old daughter downloaded a virus via the MS IM thing. I had to restore her system from backup--that virus was eeeeevil. To her credit, she's been very careful since then, and I actually trust her not to do it again (her mother is a different story...). However, it bugs me that I don't have an
    • One way I controlled my daughter's AIM time was to proxy her system through my server running Squid and use iptables to block connections to the AIM servers at certain hours. This rule also blocks AOL web pages, but it's not like anyone is missing anything. :)

      iptables -A OUTPUT -p tcp --destination-port 80 -d 64.12.0.0/16 -j DROP
      iptables -A OUTPUT -p tcp --destination-port 80 -d 205.188.0.0/16 -j DROP

      Originally I used a cronjob to turn it on and off. I've since added an extension that allows rules to be t
  • I've been dealing with AIM viruses since 2003 (I run AIMFix [jayloden.com], an IM-specific virus removal tool), and I've watched them grow exponentially. On top of that, the attack methods have become infinitely more sophisticated. Where it used to be a userland executable, usually an exe, it moved to .pif and .scr files. It started with the usual "Run" entry in the registry, then started to mess around with the shell settings, winlogon settings, services, and legacy win.ini items. The latest variants are actually includi
  • FTA:

    FaceTime said that exploits can jump networks through IM "consolidation" applications, such as Trillian or Gaim, which let people combine contacts from multiple IM networks on one list.

    Can anyone attest to or refute this? This kinda surprises me. Do these attacks get in through the browser, the protocol, or the client specifically? I can see them hopping protocols if they're getting down into the browser or OS (and then working back up to another protocol), but I can't imagine that these hackers ha

  • Instant messenging has always had great amounts of attacks..on the english language
