Instant-Messaging Attacks On the Rise
Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
Amen.
-- SKYKING, SKYKING, DO NOT ANSWER.
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many grannies on AOL run a firewall+spybot+antivirus etc?
FTA:
"We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"
When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
A friend of mine was bothering me the other day. He runs Linux and thinks he's impervious to most virus attacks. Anyway, I opened up the binary of a Linux program I wrote that simply displays "LOL" over and over again, copied and pasted it into an IM window to him. Lo and behold, his computer started sending me back "LOL" as an instant message, over and over again!
So, the moral of this story is that even if you run Linux, you're still susceptible to IM worms and attacks. My friend certainly was.
I have not seen any such attacks when using my normal IM software. I am constantly connected to AIM but I never receive such problems. It might have to do with the fact that I use Fire/iChat, or Kopete/Gaim.
Maybe because my IM client doesn't download and run ActiveX ads I don't have such problems. The AIM client for Windows doesn't like running in restricted user modes or restricted IE settings on any machine I have installed it on.
So I would say it's not so much IM problems but more of the same IE/ActiveX security issues that continually plague the world that uses that crap.
i thought once I was found, but it was only a dream.
Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?
(egad, writing like that was a terrible strain, even if only for a few sentences... how do the aolam3rz manage it?)
Real Daleks don't climb stairs - they level the building.
LOL! This isnt a virus! Click Here!
I've seen messages which are supposedly coming from women who want to "chat". These are most of the time spam. I ignore them, but I think this is a common tactic that is probably used by hacks.
http://www.stockmarketgarden.com/
It is too bad that people are not aware of applications like gaim, trillian, etc. You get all the benefits and fewer risks (not to mention that you avoid all the bolted-on crap that comes with all the default clients).
We use MSN Messenger at my work and everyone uses the MSN client. Has anyone seen this embarrassment? There is so much crap tacked around the buddy and message windows that it is almost unusable. I am trying to move people over to trillian and it is not hard. Once they see a nice clean UI, they want to use it.
I guess it's time to start educating the masses!
I meta-moderate because I care.
IM, nope, won't use it. Did for a bit, but people knew when I was online and I didn't want that. No thanks.
Solution solved!
Now for my userbase who use IMings, I hope we get attacked, it will justify my removal of non-business software.
A new girlfriend insisted on installing MSN, AIM, and Yahoo Messenger on my home xp machine this weekend - I can't stand that shit. Now there's like four freaking toolbars and constant door slamming sounds emanating from my computer. Talk about a reason to switch to linux at home...
I do not use msn. But we (myself and my friends in yahoo chat rooms) were annoyed beyond limit by attacks. There are fake sites asking you to enter yahoo passwords and so on. I can imagine what hell msn users must have gone through.
hilarious
I'm not susceptible to IM viruses, ever since my friend X_Cindy_X_12345 IM'd me with this link to a special program I had to install. It prevents any kind of issue with the(##*@JN#IN#F____+++ NO CARRIER
This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
Slashdot Burying Stories About Slashdot Media Owned
IM applications are hot attack vectors.
1. Most instant messenger applications are client dependent. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independent networks such as IRC.
2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.
3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.
It's probably why I avoid IM programs like the plague.
To be fair whether the parent was joking or not it is sadly true that an awful lot of people fall for this. No I am not some elite super intelligent person, I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero. It may happen but not to me.
Free software is even easier somehow. How come you can easily tell that the free firefox is really free but those smilies for your IM client come at the cost of your privacy?
Tip, if they advertise that it is free then it probably isn't. How do you explain to people that those free smilies are not free but that free browser is free? Most people here can probably "feel" it in their gut but I find it very hard to explain to normal people.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I still get a lot of these. Someone will message me, with PISS poor english...claim they are from the US and abroad (or in one instance...a girl from England who lives in the US but is visiting her family). Sends me some model pictures and talks to me...within hours telling me how she loves me and thinks there is something special...it usually lasts about two weeks---hey I do get bored playing CS -- and at least I am keeping those clowns busy.
It's amazing, and there is really nothing we can do about these idiots except hope people won't be stupid enough to send them money. In the end, it is the old scams "I am from war torn country, send me account number so I give you 10 million..."
I mod down so you can mod up. Your welcome.
MSN experienced the largest number of IM security incidents in both 2004 and 2005
*shock*, *SHOCK!*
Property is theft.
I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero
I've gotten a number of these through my lifetime, and met the girls and nailed em. Probably about 5-10 girls in my eight years of IMing...though most of it was back then...now I look for more substance.
I think next time i get a phish attempt I will give the girl a fake bank account number....I tried calling the FBI once, but they weren't interested. You would think they would at least try.
I mod down so you can mod up. Your welcome.
A significant part of the problem is the user base for these chat clients. AIM/MSN/YAHOO attract teens and college students who are not as knowledgeable as they should be when it comes to viruses, etc that can be distributed through IMs. Teens (the general masses) click just about anything and everything...the fact it is from a friend only increases the chances they will click a link.
Novice users will most likely have to fall victim to this sort of thing before they are able to prevent it from happening. I don't see this problem going away anytime soon.
Translation: let's put our faith in technology, just after a slashdot story about its shortcomings.
MSN experienced the largest number of IM security incidents in both 2004 and 2005
.. go Microsoft!
So they have over 50% of the market on IM security incidents
Just curious, what is their marketshare for IM? I tried looking it up w/o success.
AOL has implemented a lot of such software in their client software and do more and more scanning inline on opening connections and traffic patterns. I'd guess that helps them out a wee bit.
AOL's goal has always been to provide a good experience to novice users... they do serve that target market fairly well in terms of providing information and services to those customers.
PS: Not trying to start an AOL bad-experience thread here. The first paragraph is the important one. The second is just what their objective is stated and seems to be... and they do a reasonable job moving to their target market... hence why they've had a lot of success with novices.
-M
when you see the word 'Linux', drink!
I had a large hand in developing a security policy for my workplace regarding instant messaging. One of the key points in the policy is that all IM software is to be configured to automatically reject unsolicited IMs (i.e. "Only accept messages from people in my buddy list"). Not a great solution if malware infects a user's computer, hijacks the IM client (or just the username/password), and propagates to all of that person's IM buddies. However, most of the IM-based malware also has some portion of its payload distributed via the file-sharing mechanisms, which is also addressed in our security policy: "All file transfers must be initiated by user action. A remote user may not read or write any file to or from a [my company] computer; i.e. a computer may not behave as a peer-to-peer file-sharing server." If you close those two doors, you stop a big portion of the problems.
I pity the foo that isn't metasyntactic
Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
sxybtrfly99: So you like my personality, I can send you a photo. ;)
:)
manstud45: Yeah, U R totally cool, I really like chatting w/U. Can IM me the pic?
sxybtrfly99: Sure, right away. I have something I have 2 tell U.
manstud45: It's kool, Im sure I can handle it
sxybtrfly99: I sent U my photo. Bi the way, did U ever see the movie "The Crying Game"?
manstud45: What is this?!?!? WHAT HAVE YOU DONE??? MY PC IS ALL MESSE
He who knows best knows how little he knows. - Thomas Jefferson
I am connected to AIM and MSN all day every day and I have NEVER had a problem with any sort of attack. If you ask me, this falls under the same realm of thought as spyware: use caution. If the site looks/sounds the least bit untrustworthy, don't go to it. Practice safe browsing habits and you will be fine. Same goes with IM, don't accept file transfers from users you don't know. Or better yet, don't talk to users you don't know. Problem solved. I watch where I go on the internet and who I talk to and that's extremely more efficient than hoping any spyware/antivirus program will take care of it all for you. I do suppose this is pointed towards the more casual computer user, but still people, trust your instincts.
I will forever be a student.
will solve all of your problems http://gaim.sourceforge.net/
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
The bullshit detector is pegging off the scale Cap'n!
But if you have a need for an automated file transfer, why would you do it over an IM client?
You better watch out, there may be dogs about . .
Hey, this is an interesting article. Anyone who wants to discuss it hit me up on UIN 5050554. Oh wait... nevermind. I forgot that someone jacked my password and changed it last year! I had a low number you skank! Anyway, if you have my password, please place it on my desktop in a text file at 153.145.2.302 Thanks
Nah. There's some pretty skanky sluts on there who give it up to just about anyone.
But you usually need a shot of some hefty antibiotics afterwards.
I don't like those ads in the bottom of my chat window on ICQ. Plus it's a rather large download for just an instant messenger (not counting ICQ Lite here, folks)
You should try Camfrog. Does instant messaging, has neato features like privacy mode (Not on the contact list, they can't contact you, period) and its one-on-one videoconferencing is practically second to none. It's free (Pro version is like.. 50 bucks or something, and for your needs, it's not worth it) and it's fast, and a 2.4 meg download.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Despite the fact a lot of rubbish warning messages float around MSN, there is actually an email address that once on your contact list will wreak havoc.
I don't know how it works and can't find anything out about it online, but it added me and several friends to MSN and whenever we signed in MSN would simply lock up until we removed it.
It appears to have affected quite a few people because I got a few chain mail warnings about accepting or adding it.
The email is Longtimenolust@hotmail.com, in case anyone thinks it's a hoax or wants to diagnose it somehow.
There's no need to worry about virii or trojans on ICQ since nobody uses it anymore! That being said, I do miss the golden days of ICQ. Amongst my friends, I was the last holdout against the IM machine, but it just became so lonely being the only one online with ICQ.
First of all, one of the best protections is to simply only chat with people that you know. I personally only allow people that are on my buddy list IM me. If anyone else really needs to IM me, they can just email me or what not and request that I add them. That way I cut back on the overall risk of being contacted by someone and catching a virus.
The second smart tip is just not accept attachments unless you know exactly who they are from, what it is, and it's a smart idea to not open the full direct connection, just allow the transfer of the one file.
People just need to exercise common sense. Remember when your parents used to tell you "Don't take candy from strangers." The same principle applies here. If you don't know who someone is, why do you need to be clicking links or downloading attachments from them. And then, even if you do know who it is, try and ask yourself if the message is something that the person is known for sending. A lot of the times it won't logically fit the person.
Ahh well, everyone just needs to be on the lookout.
Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
Tell that to the customer whose computer is currently on my desk. In its time (a few hours) sitting here, TRYING to get it to scan for adware/malware, I've had to close at least 30 message request/add to buddy request windows. I clicked to view a few, out of curiosity, and they were the "Oohh, I want you to see my NAUGHTY pictures, baby!" messages.
Glad I left ICQ back in the late 90's when this crap started to happen.
12789908 (Just checked -- still active. Used the "ICQ2GO". Inside of about 10 minutes of being connected (while I typed this) I got two of said "messages" on an account I haven't logged into for YEARS.)
Hmm
bork bork bork!
You dump public IM services and use an in house only app. Being an IBM BP, we happen to have Lotus Sametime which integrates into Notes and has a standalone client as well. Secured/encrypted communications, and if we wanted to set up a SIP gateway with another partner we could so we could have secure conversations there too.
I believe LiveMeeting is supposed to do something similar...but I am not a fan...so...
Bottom line, skip the public crap if you want to limit your exposure to these things.
GM.
Then you're going to hate this Firefox extension.
Have any of you? Just curious. It can be from a stupid social engineering.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IMs from users on my list.
I am the "admin" for my family network (4PCs, connected via router, 1 WPA-PSK secured wireless connection to the router) and I try my best to keep things running smoothly and securely. A couple of months ago, my 15 year old daughter downloaded a virus via the MS IM thing. I had to restore her system from backup--that virus was eeeeevil. To her credit, she's been very careful since then, and I actually trust her not to do it again (her mother is a different story...). However, it bugs me that I don't have any control of what comes in via IM. For example, you can't just turn off the IM port--the damn things will use any open port, including 80. There's no way to exclude particular IM clients or senders...no control at all. (I'm just a control freak when I'm in sys admin mode...really). So what to do?
Great men are almost always bad men--Lord Acton's Corollary
I know a simple fix to AOL problems.
Don't write it with buffer overruns everywhere. The unofficial Gaim client has protocol limits on profile information and buddy icons. That's more than AIM 5.9 (I haven't messed with Triton, too much bloat).
Nek0d3 figured this out a long time ago. And what do they have to show for it? Several versions of their client, AIM Remix, that can crash most AIM clients. Mind you, AIM remix was written in visual basic, which is not a complex language.
It's sad when a third-party slap-together program can DoS, portscan, and abuse the server, while the other official client (with funding) has stumbled a lot.
"I'm a well-wisher, in that I don't wish you any specific harm."
Agreed. Unsolicited messages should be removed from all IM systems, period.
However, GAIM seems to ignore (or be unable to set on the server) the setting for "ignore everyone but my buddy list" on ICQ. In both Windows and Linux, you can set this, but it resets within a short period of time.
Haven't seen any malware yet, but the typical "ASL??" messages are annoying.
Anyone have any ideas? Googling doesn't seem to indicate that anyone else has this problem.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I don't know about you guys, but I run the older versions of AIM and have no problems whatsoever. The last good version was 4.3. Run a netstat -an on older versions and you will notice only ONE connection using port 5190. Newer versions typically show several connections, mostly to serve ads. Thankfully the ads never even show up on some old versions. Heck, even AIM 1.6 still works on Windows 3.1, although its features are severely limited. I stick mostly with AIM 3.x and the early 4.x series since they do everything I could possibly want.
Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)
:(
You might just be spammed to death at home
This is the sig that says NI (again)
I've been dealing with AIM viruses since 2003 (I run AIMFix, an IM-specific virus removal tool), and I've watched them grow exponentially. On top of that, the attack methods have become infinitely more sophisticated. Where it used to be a userland executable, usually an exe, it moved to .pif and .scr files. It started with the usual "Run" entry in the registry, then started to mess around with the shell settings, winlogon settings, services, and legacy win.ini items. The latest variants are actually including code from various rootkits (mostly the FU rootkit) to hide themselves from memory and the registry.
My prediction is that these will only grow worse as time goes on. It's far too easy to include even more sophisticated rootkit technology in with the worm code, IM is getting ever more popular, and it's effective, plain and simple. Something about the IM format makes it both easy to mimic real "conversation" ("hey, check out these pics of me drunk at New Years!"), and somehow less suspicious than similar messages sent via email.
As far as I'm concerned, rootkits are going to become the norm for Windows worms/viruses within a year or two. Why bother with a simple executable that's easy to find and kill when you could make your code invisible to the running system? Frankly, I have no idea what the next step becomes for those of us writing anti-virus tools and cleaning programs. Bootable CDs that can verify the system? I don't pretend to have the answer just yet, but I can say with confidence that we'll be seeing more of this as time goes on, and I sincerely hope that the AV companies can step up to the plate in time.
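The autostart locations named in the comment above (the "Run" key, shell settings, Winlogon values, services, win.ini) can be reviewed from an exported copy of the registry. The following is an added example, not part of the original post and not AIMFix's code; the sample export is constructed, and the stock values assume Windows XP installed in C:\WINDOWS.

```python
import re

# Constructed sample input (not real malware data): a .reg export and a win.ini.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\soundman.exe"
"PicViewer"="C:\\WINDOWS\\system32\\newyears_pics.pif"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\helper.scr"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"="C:\\WINDOWS\\system32\\examplesvc.exe"
'''
SAMPLE_WININI = "[windows]\nload=\nrun=C:\\WINDOWS\\photos.scr\n"

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
SUSPECT_RE = re.compile(r"\.(pif|scr)\b", re.I)
# Assumed stock values: (key suffix, value name) -> expected data, lower-cased.
EXPECTED = {
    ("\\windows nt\\currentversion\\winlogon", "shell"): "explorer.exe",
    ("\\windows nt\\currentversion\\winlogon", "userinit"):
        "c:\\windows\\system32\\userinit.exe,",
    ("\\exefile\\shell\\open\\command", "(default)"): '"%1" %*',
}

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash

def parse_reg(text):
    """Yield (key, value name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(reg_text, win_ini_text=""):
    """Return (location, name, data, reason) for each autostart entry worth a look."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        k, n = key.lower(), name.lower()
        for (suffix, vname), expected in EXPECTED.items():
            if k.endswith(suffix) and n == vname and data.lower() != expected:
                findings.append((key, name, data, "differs from stock value"))
        run_key = k.endswith(("\\currentversion\\run", "\\currentversion\\runonce"))
        service = "\\services\\" in k and n == "imagepath"
        if (run_key or service) and SUSPECT_RE.search(data):
            findings.append((key, name, data, ".pif/.scr autostart target"))
    section = None
    for line in map(str.strip, win_ini_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, _, data = (part.strip() for part in line.partition("="))
            if name.lower() in ("load", "run") and data:
                findings.append(("win.ini [windows]", name, data, "legacy autostart in use"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_WININI):
        print(*finding, sep=" | ")
```

Because the comment notes that newer variants hide their entries from the running system, an export taken on the live machine can be incomplete; the check is more reliable against hive files read while booted from other media.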
Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)
:(
:)
You might just be spammed to death at home
I'll have to check it. I haven't used that account since I moved away from SoCal over 5 years ago, so whoever lives there now is the one that might get spammed to death.
bork bork bork!
The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IMs from users on my list.
:)
You are a bit confused. My number is in the low 10 millions, not the 1's.
Strange enough, however, is that a few contacts I did have in the list are gone now (Save for my ex-roomie and his current "live-in" girlfriend).
bork bork bork!
Use it. It works with all three at the same time (and yes I use all three), can handle multiple screennames from each and has a great UI (read no ads and easy to turn off ALL of the sounds). She can reach you/ be reached on all of them. However, I am a big fan of keeping away from the significant others' machines and vice versa. Flipping through files is bad enough, but installing stuff is a fast way to die.
lol no im not a virus!
In Soviet Russia, backwards is everything.
Instant messenging has always had great amounts of attacks..on the english language
If your neighbours roof is flying past your window, you know it's cyclone season.
"lol, no this is not a virus!"
I have Zone Alarm 6-- which CLAIMS Instant Message monitoring...As I don't IM... I've never had occasion to test the claim. Just curious if you or anyone has any knowledge of whether it works --or not-- and if so, how well?