Instant-Messaging Attacks On the Rise
Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many grannies on AOL run a firewall+spybot+antivirus etc?
FTA:
"We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"
When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
A friend of mine was bothering me the other day. He runs Linux and thinks he's impervious to most virus attacks. Anyway, I opened up the binary of a Linux program I wrote that simply displays "LOL" over and over again, copied and pasted it into an IM window to him. Lo and behold, his computer started sending me back "LOL" as an instant message, over and over again!
So, the moral of this story is that even if you run Linux, you're still susceptible to IM worms and attacks. My friend certainly was.
I have not seen any such attacks when using my normal IM software. I am constantly connected to AIM but I never receive such problems. It might have to do with the fact that I use Fire/iChat, or Kopete/Gaim.
Maybe because my IM client doesn't download and run ActiveX ads I don't have such problems. The AIM client for Windows doesn't like running in restricted user modes or restricted IE settings on any machine I have installed it on.
So I would say it's not so much IM problems but more of the same IE/ActiveX security issues that continually plague the world that uses that crap.
i thought once I was found, but it was only a dream.
Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?
(egad, writing like that was a terrible strain, even if only for a few sentences... how do the aolam3rz manage it?)
Real Daleks don't climb stairs - they level the building.
I've seen messages which are supposedly coming from women who want to "chat". These are most of the time spam. I ignore them, but I think this is a common tactic that is probably used by hacks.
http://www.stockmarketgarden.com/
It is too bad that people are not aware of applications like gaim, trillian, etc. You get all the benefits and fewer risks (not to mention that you avoid all the bolted-on crap that comes with all the default clients).
We use MSN Messenger at my work and everyone uses the MSN client. Has anyone seen this embarrassment? There is so much crap tacked around the buddy and message windows that it is almost unusable. I am trying to move people over to trillian and it is not hard. Once they see a nice clean UI, they want to use it.
I guess it's time to start educating the masses!
I meta-moderate because I care.
A new girlfriend insisted on installing MSN, AIM, and Yahoo Messenger on my home XP machine this weekend - I can't stand that shit. Now there's like four freaking toolbars and constant door slamming sounds emanating from my computer. Talk about a reason to switch to linux at home...
I do not use msn. But we (myself and my friends in yahoo chat rooms) were annoyed beyond limit by attacks. There are fake sites asking you to enter yahoo passwords and so on. I can imagine what hell msn users must have gone through.
hilarious
I'm not susceptible to IM viruses, ever since my friend X_Cindy_X_12345 IM'd me with this link to a special program I had to install. It prevents any kind of issue with the(##*@JN#IN#F____+++ NO CARRIER
This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
Slashdot Burying Stories About Slashdot Media Owned
IM applications are hot attack vectors.
1. Most instant messenger applications are client dependent. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independent networks such as IRC.
2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.
3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.
It's probably why I avoid IM programs like the plague.
Thank God for IRC?
"Hacker groups have large (compromised) server farms to experiment with propagating exploits. They hide Trojans and viruses, and control these botnets via IRC,"
You're one of them, aren't you?! ADMIT IT!!
Just remember, IRC isn't safe, only safer
To be fair whether the parent was joking or not it is sadly true that an awful lot of people fall for this. No I am not some elite super intelligent person, I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero. It may happen but not to me.
Free software is even easier somehow. How come you can easily tell that the free firefox is really free but those smilies for your IM client come at the cost of your privacy?
Tip, if they advertise that it is free then it probably isn't. How do you explain to people that those free smilies are not free but that free browser is free? Most people here can probably "feel" it in their gut but I find it very hard to explain to normal people.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I still get a lot of these. Someone will message me, with PISS poor English...claim they are from the US and abroad (or in one instance...a girl from England who lives in the US but is visiting her family). Sends me some model pictures and talks to me...within hours telling me how she loves me and thinks there is something special...it usually lasts about two weeks---hey I do get bored playing CS -- and at least I am keeping those clowns busy.
It's amazing, and there is really nothing we can do about these idiots except hope people won't be stupid enough to send them money. In the end, it is the old scams "I am from war torn country, send me account number so I give you 10 million..."
I mod down so you can mod up. Your welcome.
MSN experienced the largest number of IM security incidents in both 2004 and 2005
*shock*, *SHOCK!*
Property is theft.
I just know that the chances of a woman on IM sending naked pictures of herself to geeks is roughly zero
I've gotten a number of these through my lifetime, and met the girls and nailed em. Probably about 5-10 girls in my eight years of IMing...though most of it was back then...now I look for more substance.
I think next time i get a phish attempt I will give the girl a fake bank account number....I tried calling the FBI once, but they weren't interested. You would think they would at least try.
I mod down so you can mod up. Your welcome.
A significant part of the problem is the user base for these chat clients. AIM/MSN/YAHOO attract teens and college students who are not as knowledgeable as they should be when it comes to viruses, etc that can be distributed through IMs. Teens (the general masses) click just about anything and everything...the fact it is from a friend only increases the chances they will click a link.
Novice users will most likely have to fall victim to this sort of thing before they are able to prevent it from happening. I don't see this problem going away anytime soon.
MSN experienced the largest number of IM security incidents in both 2004 and 2005
.. go Microsoft!
So they have over 50% of the market on IM security incidents
Just curious, what is their marketshare for IM? I tried looking it up w/o success.
AOL has implemented a lot of such software in their client software and do more and more scanning inline on opening connections and traffic patterns. I'd guess that helps them out a wee bit.
AOL's goal has always been to provide a good experience to novice users... they do serve that target market fairly well in terms of providing information and services to those customers.
PS: Not trying to start a AOL bad-experience thread here. The first paragraph is the important one. The second is just what their objective is stated and seems to be... and they do a reasonable job moving to their target market... hence why they've had a lot of success with novices.
-M
when you see the word 'Linux', drink!
I had a large hand in developing a security policy for my workplace regarding instant messaging. One of the key points in the policy is that all IM software is to be configured to automatically reject unsolicited IMs (i.e. "Only accept messages from people in my buddy list"). Not a great solution if malware infects a user's computer, hijacks the IM client (or just the username/password), and propagates to all of that person's IM buddies. However, most of the IM-based malware also has some portion of its payload distributed via the file-sharing mechanisms, which is also addressed in our security policy: "All file transfers must be initiated by user action. A remote user may not read or write any file to or from a [my company] computer; i.e. a computer may not behave as a peer-to-peer file-sharing server." If you close those two doors, you stop a big portion of the problems.
I pity the foo that isn't metasyntactic
Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
sxybtrfly99: So you like my personality, I can send you a photo. ;)
:)
manstud45: Yeah, U R totally cool, I really like chatting w/U. Can IM me the pic?
sxybtrfly99: Sure, right away. I have something I have 2 tell U.
manstud45: It's kool, Im sure I can handle it
sxybtrfly99: I sent U my photo. Bi the way, did U ever see the movie "The Crying Game"?
manstud45: What is this?!?!? WHAT HAVE YOU DONE??? MY PC IS ALL MESSE
He who knows best knows how little he knows. - Thomas Jefferson
I am connected to AIM and MSN all day every day and I have NEVER had a problem with any sort of attack. If you ask me, this falls under the same realm of thought as spyware: use caution. If the site looks/sounds the least bit untrustworthy, don't go to it. Practice safe browsing habits and you will be fine. Same goes with IM, don't accept file transfers from users you don't know. Or better yet, don't talk to users you don't know. Problem solved. I watch where I go on the internet and who I talk to and that's extremely more efficient than hoping any spyware/antivirus program will take care of it all for you. I do suppose this is pointed towards the more casual computer user, but still people, trust your instincts.
I will forever be a student.
will solve all of your problems http://gaim.sourceforge.net/
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
But if you have a need for an automated file transfer, why would you do it over an IM client?
You better watch out, there may be dogs about . .
Hey, this is an interesting article. Anyone who wants to discuss it hit me up on UIN 5050554. Oh wait... nevermind. I forgot that someone jacked my password and changed it last year! I had a low number you skank! Anyway, if you have my password, please place it on my desktop in a text file at 153.145.2.302 Thanks
Indeed, a strain to write and read, and now I slip into the realm of what is arguably off topic...
/. linked to a White Dust Security article. I am no English teacher, but it was absolutely abysmal English, assuming that the article's author's first language is English, it would not be surprising that part of their shocking English skills (or lack thereof) could be directly attributed to their "leetness" at leetspeak.
Leetspeak does not impress me at all, in fact, if I see someone genuinely using it, I'll just assume they are immature individuals who have yet to grow up, and consequently I treat them as such. In my opinion, Leetspeak is also a complete waste of time, my typing is bad enough without me training myself to do it incorrectly, what I am trying to get at is that leetspeak is not only arguably lame, but it is in fact counter-productive.
Many people, especially IT workers, have probably never been on a typing course, but despite this, many may be considered to be exceptionally quick on the keyboard. You see, the brain is remarkable in that forcing yourself to do something repetitively sets up neural pathways, and one finds themselves able to do the same thing that they initially found to be complicated or difficult, with almost little or no effort whatsoever, this is called "training". So, all these leetspeak people have successfully trained themselves in a skill that has absolutely no value in the workplace, but even worse, good language and typing skills, which would be useful in the workplace, have probably been sabotaged by them repetitively doing it wrong. As an example, earlier today
That's just one reason I don't care much for IRC, the other is that many people on IRC seem to be far too, as a Vulcan might say, "irrational".
I don't like those ads in the bottom of my chat window on ICQ. Plus it's a rather large download for just an instant messenger (not counting ICQ Lite here, folks)
You should try Camfrog. Does instant messaging, has neato features like privacy mode (Not on the contact list, they can't contact you, period) and its one-on-one videoconferencing is practically second to none. It's free (Pro version is like.. 50 bucks or something, and for your needs, it's not worth it) and it's fast, and a 2.4 meg download.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
There's no need to worry about virii or trojans on ICQ since nobody uses it anymore! That being said, I do miss the golden days of ICQ. Amongst my friends, I was the last holdout against the IM machine, but it just became so lonely being the only one online with ICQ.
First of all, one of the best protections is to simply only chat with people that you know. I personally only allow people that are on my buddy list IM me. If anyone else really needs to IM me, they can just email me or what not and request that I add them. That way I cut back on the overall risk of being contacted by someone and catching a virus.
The second smart tip is to just not accept attachments unless you know exactly who they are from and what they are, and it's a smart idea to not open the full direct connection, just allow the transfer of the one file.
People just need to exercise common sense. Remember when your parents used to tell you "Don't take candy from strangers." The same principle applies here. If you don't know who someone is, why do you need to be clicking links or downloading attachments from them. And then, even if you do know who it is, try and ask yourself if the message is something that the person is known for sending. A lot of the times it won't logically fit the person.
Ahh well, everyone just needs to be on the lookout.
Something to be said for still using ICQ. It has a simple interface, supports what I need (text messages to co-workers mostly), and with the increasing popularity of the other services, I haven't had any spam/pR0n offers in months.
Tell that to the customer whose computer is currently on my desk. In its time (a few hours) sitting here, TRYING to get it to scan for adware/malware, I've had to close at least 30 message request/add to buddy request windows. I clicked to view a few, out of curiosity, and they were the "Oohh, I want you to see my NAUGHTY pictures, baby!" messages.
Glad I left ICQ back in the late 90's when this crap started to happen.
12789908 (Just checked -- still active. Used the "ICQ2GO". Inside of about 10 minutes of being connected (while I typed this) I got two of said "messages" on an account I haven't logged into for YEARS.)
Hmm
bork bork bork!
You dump public IM services and use an in house only app. Being an IBM BP, we happen to have Lotus Sametime which integrates into Notes and has a standalone client as well. Secured/encrypted communications, and if we wanted to set up a SIP gateway with another partner we could so we could have secure conversations there too.
I believe LiveMeeting is supposed to do something similar...but I am not a fan...so...
Bottom line, skip the public crap if you want to limit your exposure to these things.
GM.
Have any of you? Just curious. It can be from a stupid social engineering.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IMs from users on my list.
I am the "admin" for my family network (4PCs, connected via router, 1 WPA-PSK secured wireless connection to the router) and I try my best to keep things running smoothly and securely. A couple of months ago, my 15 year old daughter downloaded a virus via the MS IM thing. I had to restore her system from backup--that virus was eeeeevil. To her credit, she's been very careful since then, and I actually trust her not to do it again (her mother is a different story...). However, it bugs me that I don't have any control of what comes in via IM. For example, you can't just turn off the IM port--the damn things will use any open port, including 80. There's no way to exclude particular IM clients or senders...no control at all. (I'm just a control freak when I'm in sys admin mode...really). So what to do?
Great men are almost always bad men--Lord Acton's Corollary
Agreed. Unsolicited messages should be removed from all IM systems, period.
However, GAIM seems to ignore (or unable to set on the server) the setting for "ignore everyone but my buddy list" on ICQ. In both Windows and Linux, you can set this, but it resets within a short period of time.
Haven't seen any malware yet, but the typical "ASL??" messages are annoying.
Anyone have any ideas? Googling doesn't seem to indicate that anyone else has this problem.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)
:(
You might just be spammed to death at home
This is the sig that says NI (again)
I've been dealing with AIM viruses since 2003 (I run AIMFix, an IM-specific virus removal tool), and I've watched them grow exponentially. On top of that, the attack methods have become infinitely more sophisticated. Where it used to be a userland executable, usually an exe, it moved to .pif and .scr files. It started with the usual "Run" entry in the registry, then started to mess around with the shell settings, winlogon settings, services, and legacy win.ini items. The latest variants are actually including code from various rootkits (mostly the FU rootkit) to hide themselves from memory and the registry.
My prediction is that these will only grow worse as time goes on. It's far too easy to include even more sophisticated rootkit technology in with the worm code, IM is getting ever more popular, and it's effective, plain and simple. Something about the IM format makes it both easy to mimic real "conversation" ("hey, check out these pics of me drunk at New Years!"), and somehow less suspicious than similar messages sent via email.
As far as I'm concerned, rootkits are going to become the norm for Windows worms/viruses within a year or two. Why bother with a simple executable that's easy to find and kill when you could make your code invisible to the running system? Frankly, I have no idea what the next step becomes for those of us writing anti-virus tools and cleaning programs. Bootable CDs that can verify the system? I don't pretend to have the answer just yet, but I can say with confidence that we'll be seeing more of this as time goes on, and I sincerely hope that the AV companies can step up to the plate in time.
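[Added example, not part of the comment above and not AIMFix code.] A defender-side check of the autostart locations that comment lists (Run entries, Winlogon shell settings, services, legacy win.ini items), run over a registry export and win.ini copied from the disk while the suspect system is offline, since the comment notes newer variants hide from the live registry. The sample data is constructed, the Winlogon defaults are assumed stock values, and only plain string values are parsed.

```python
import re

# Autostart locations named in the comment, as lower-cased registry key suffixes.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"\software\microsoft\windows nt\currentversion\winlogon"
SERVICES_KEY = r"\system\currentcontrolset\services" + "\\"
# Stock Winlogon values on a default install (assumption; adjust per build).
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}

def parse_reg(text):
    """Yield (key, value_name, data) for plain string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def odd_ext(data):
    """True if the command references a .pif or .scr file (types the comment names)."""
    return re.search(r'\.(pif|scr)(?=$|[\s",])', data, re.I) is not None

def audit_registry(text):
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(RUN_KEY) and odd_ext(data):
            findings.append(("run", name, data))
        elif k.endswith(WINLOGON_KEY) and n in WINLOGON_DEFAULTS:
            if data.lower() != WINLOGON_DEFAULTS[n]:
                findings.append(("winlogon", name, data))
        elif SERVICES_KEY in k and n == "imagepath" and odd_ext(data):
            findings.append(("service", key.rsplit("\\", 1)[1], data))
    return findings

def audit_win_ini(text):
    """Flag non-empty load=/run= lines in the [windows] section of win.ini."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, data = (p.strip() for p in line.split("=", 1))
            if name.lower() in ("load", "run") and data:
                findings.append(("win.ini", name, data))
    return findings

# Constructed sample input (not taken from any real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Program Files\\Messenger\\im.exe"
"pics"="C:\\WINDOWS\\system32\\newyears.pif"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\party.scr"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"="C:\\WINDOWS\\helper.scr"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\lol.scr\n[fonts]\n"

if __name__ == "__main__":
    for finding in audit_registry(SAMPLE_REG) + audit_win_ini(SAMPLE_INI):
        print(*finding, sep=" | ")
```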
Just checked that number, I think it's a good idea if you remove your personal details like your address and phone number (if it is yours)
:(
:)
You might just be spammed to death at home
I'll have to check it. I haven't used that account since I moved away from SoCal over 5 years ago, so whoever lives there now is the one that might get spammed to death.
bork bork bork!
The strange thing is, I have a similar ICQ number to you (low one millions), and I have yet to receive a single one of these ICQ spam messages, and I don't have my user list set to only accept IMs from users on my list.
:)
You are a bit confused. My number is in the low 10 millions, not the 1's.
Strange enough, however, is that a few contacts I did have in the list are gone now (Save for my ex-roomie and his current "live-in" girlfriend).
bork bork bork!
Use it. It works with all three at the same time (and yes I use all three), can handle multiple screennames from each and has a great UI (read no ads and easy to turn off ALL of the sounds). She can reach you/ be reached on all of them. However, I am a big fan of keeping away from the significant others' machines and vice versa. Flipping through files is bad enough, but installing stuff is a fast way to die.
lol no im not a virus!
In Soviet Russia, backwards is everything.
Instant messaging has always had great amounts of attacks..on the English language
If your neighbours roof is flying past your window, you know it's cyclone season.
"lol, no this is not a virus!"
That was my point. IRC is a safer, simpler, more robust (imho) protocol. It gets the same job done as IM does. And yes, it can be abused just like any other Internet protocol, unfortunately. Sure, someone could trick you into visiting a website if you are stupid enough. And no, they don't always get your IP address: on some networks you can mask your hostname/ip address (Undernet comes to mind with its +x mode.) And no, I am not one of them. Those are LIES! ALL LIES!!!!!!
-- SKYKING, SKYKING, DO NOT ANSWER.
I don't see l33t sp34k at all on irc these days. Of course I guess it depends on which channels you hang out on.
-- SKYKING, SKYKING, DO NOT ANSWER.
I have Zone Alarm 6-- which CLAIMS Instant Message monitoring...As I don't IM... I've never had occasion to test the claim. Just curious if you or anyone has any knowledge of whether it works --or not-- and if so, how well?