Slashdot Mirror
Instant-Messaging Attacks On the Rise
Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many granny's on AOL run a firewall+spybot+antivirus etc?
FTA:
"We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them"
When is a patch going to come out for this problem, it seems to have been plaguing the net for quite some.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
I have not seen any such attacks when using my normal IM software. I am constantly connected to AIM but I never recieve such problems. It might have to do with the fact that I use Fire/iChat, or Kopete/Gaim.
Maybe because my IM client doesn't download and run activeX ads I don't have such problems. The AIM client for Windows doesn't like running in restricted user modes or restricted IE settings on any machine i have installed it on.
So I would say it's not so much IM problems but more of the same IE/ActiveX security issues that continually plague the world that uses that crap.
i thought once I was found, but it was only a dream.
It is too bad that people are not aware of applications like gaim, trillian, etc. You get all the benefits and fewer risks (not to mention that you avoid all the bolted-on crap that comes with all the default clients).
We use MSN Messenger at my work and everyone uses the MSN client. Has anyone seen this embarrasment? There is so much crap tacked around the buddy and message windows that it is almost unusable. I am trying to move people over to trillian and it is not hard. Once they see a nice clean UI, they want to use it.
I guess its time to start educating the masses!
I meta-moderate because I care.
Rly? ... cuz my m8 got 0wned by this hacker on AIM. Posted about it on his myspace account if u wanna read it. u think i should tell him 2 go 2 IRC? r ther no hackers there? I'll tell him i heard its saf3r, k? cuz I heard they can get ur IP number on AIM & not on IRC, that true 2?
OMGZ I just pwned some guy yesterday mebe it was u?, haha what a n00b he told me his IP was 127.0.0.1 and I used some 1337 program to pwn his comp and now I have full permission to do it, I think I'll start deleteing his files. LOLZ!
I'm not susceptible to IM viruses, ever since my friend X_Cindy_X_12345 IM'd me with this link to a special program I had to install. It prevents any kind of issue with the(##*@JN#IN#F____+++ NO CARRIER
stuff |
This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
Slashdot Burying Stories About Slashdot Media Owned
IM applications are hot attack vectors.
1. Most instant messenger applications are client dependant. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independant networks such as IRC.
2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.
3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.
It's probably why I avoid IM programs like the plague.
Almost everyone knows that 127.0.0.1 is a loopback address.
:)
But it is not widely known that ANY 127.x.x.x address is loopback. So you can have a lot of fun asking to attack, say 127.3.44.165