saucywench
Source: http://www.leavcom.com/ieee_july05.htm
I am pasting only the bottom half of the article found at this site. If you think this information might be of value to you, you might want to read the entire article (or, for that matter, Google any/all information on the practice.) For Yahoo Instant Messenger users (like myself) I recommend visiting this page, http://security.yahoo.com/, mentioned further below in the article.
I first learned of instant messaging hacking a few years back. A friend of mine in California was the first person I had heard of whose IM account had been hacked. Since then, I have heard increasingly of other people's IM accounts being hijacked. If you use an instant messaging program (as most of us do), it is important to educate yourself to this increasingly common method of trying to gain sensitive personal information/cause general PC havoc.
TECHNOLOGY NEWS
Instant Messaging: A New Target for Hackers
IM ATTACKS
IM attacks are like those that affect e-mail and other types of network-based assaults.
Malicious code
IM attacks have included various types of Trojan horses and worms.
Assiral.A. This simple mass-mailing worm arrives as a Windows 32-bit executable that deletes files and modifies Internet Explorer home-page settings.
Bizex. The main component of this worm, which attacks ICQ systems, has spying and data-stealing capabilities. Bizex spreads by sending a hyperlink to a victim's contacts. Clicking on the link sends them to a Web page that uploads the worm.
Bropia. This worm and its variants, including Kelvir and Serflog, spread via MSN Messenger. They copy themselves into a Windows system directory, download more malware onto the victim's computer, and reduce system security. Some variants hide on a PC, only to re-emerge at a later date.
Buddypicture. The attack by this Trojan, which affects AIM systems, starts with an instant message that includes a hyperlink to a Web site supposedly featuring pictures of the purported sender, whose name was on the victim's contact list. The message asks the victim to download an applet first. If downloaded, the applet uploads adware and spyware to victims' computers.
Gabby.a. The Gabby worm attacks AOL's AIM and ICQ systems by sending recipients a hyperlink and tricking them into clicking on it. Victims then get to a Web page that uploads spyware, as well as a worm that opens a backdoor to the machine and eliminates Windows services such as those used with antivirus and firewall software.
Kelvir. This worm spreads by sending a hyperlink to MSN Messenger users with messages such as "Hey, check this out" or "LOL, this is a funny picture of me." Users who click on the link go to a Web page that uploads the virus to their computers. Kelvir then spreads via victims' buddy lists.
The worm can turn computers into spam broadcasters, log keystrokes such as those in user names and passwords, and e-mail the information to hackers.
Kelvir recently shut down international media company Reuters' proprietary, closed, 6,000-user IM system, which is based on Microsoft technology.
Phishing
IM phishing is an industrywide issue. For example, phishers recently attacked Yahoo Messenger by sending a message containing a hyperlink to a counterfeit Yahoo Web site. The site displayed a sign-in screen and asked victims to log in with their user ID and password. With this information, an attacker could sign in to the victims' Yahoo Messenger accounts and hack into their contact lists and user profiles, which can contain personal and financial information.
According to Yahoo Messenger director Frazier Miller, the company has enhanced security by adding a new SpamGuard feature that lets consumers report spam or unsolicited IM messages. In addition, it blocks communications from previous senders of unsolicited messages. The company also started the Yahoo Security Center (http://security.yahoo.com), which educates consumers on how to protect themselves online.
Hijacking
IM worms can let an attacker hijack and send messages with infected attachments or phishing-related hyperlinks from victims' clients to their IM contacts.
This could make the contacts believe the communications came from an acquaintance and that opening attachments or clicking on hyperlinks is safe.
Denial-of-service attacks
An attacker could launch a DoS attack by sending many specially crafted TCP/IP packets to servers in an IM provider's infrastructure and thereby prevent legitimate messages from passing through.
Hackers could also send many packets to an IM user to hang up or crash the messaging client or eat up CPU resources and destabilize the computer.
ADDRESSING THE THREATS
Messaging providers and security companies are taking steps to combat IM attacks, such as establishing the IMlogic Threat Center, which monitors and analyzes IM security risks, warns users against vulnerabilities, and provides threat management. Its members include about 25 companies, which fund the organization, and about 400 individuals.
IM providers and security companies also advocate educating consumers about safe computing practices.
Upgrading IM technology
IM attacks can cause buffer overflows, which occur when a program or process tries to store more data in a buffer than it was designed to hold. The extra information overflows into adjacent buffers, corrupting or overwriting valid data. The overflowing data can contain instructions designed to cause problems such as client failure or the consumption of CPU or memory resources.
Poor programming and memory management can enable buffer overflow attacks. Thus, major IM networks are revising their clients to ensure better memory management.
Sana Security's Primary Response protects against buffer overflows by preventing the type of code execution that occurs during the attacks.
Primary Response also includes a profile of normal file and network activity so that the system can detect anomalous behavior that indicates an IM-based or other attack. The product also includes Sana's Active Malware Defense Technology, which recognizes programs behaving maliciously.
Firewall maker Zone Labs makes IMSecure, which can detect viruses; block spam, IM-borne scripts, and buffer overflow attacks; and encrypt data being sent to another IMSecure user. Users can also choose to block certain IM features, such as file transfers.
Symantec and McAfee added IM scanning and the ability to remove malware from attached files to their Norton AntiVirus and VirusScan products, respectively. And TrendMicro's InterScan Web Security Suite filters Web traffic for URLs of Web sites known to be involved in malicious downloads, phishing, and spam.
To limit the damage that infected files can cause, Microsoft has designed MSN Messenger so that it won't transfer several types of files, such as executables, command files, and program information files (which tell Windows how to run non-Windows applications).
Meanwhile, vendors are starting to release end-to-end encryption plug-ins for IM clients.
IM-use policies
"Companies need to have a policy on IM, even if it's to ban it," said SRI International's Sachs. "The best policy is to provide for a way that employees can use IM safely and describe how the technology will be used [only] to support business needs."
According to SurfControl, IM-security policies could limit which users can access IM networks; route instant messages through the secure enterprise network; require regularly updated, real-time message-content filtering; mandate virus scanning of all file transfers; and block transmission of hyperlinks over IM.
Slowing IM worms' spread
Traditional antivirus technology reacts too slowly to stop many IM virus outbreaks. Virus throttling, a promising alternative that is still experimental for IM, slows the spread of messaging worms and thus limits their damage, rather than preventing the infections.
When a system spots worm-like behavior on an IM network, virus throttling limits the number of IM messages an infected user can send outside the small group of contacts with which they communicate most frequently, explained Matthew Williamson, a Sana Security senior research scientist who developed the technique while at Hewlett-Packard.
"Attacks will increase in sophistication," said Trend Labs researcher Ivan M. Macalintal. For example, IM malicious code will make itself harder to detect by mutating several of the elements that security systems use to identify it. For example, the malware may mutate the code itself to defeat the code signatures that antivirus software uses to identify malware, noted the IMlogic Threat Center's Johnson.
And in the near future, said F-Secure's Carrera, wireless-IM security problems may arise.
IM's rapid growth in the enterprise and lack of deployed IM security technology continue to make it attractive to attackers. "IM has become an infection vector alternative to e-mail, and we will see a gradual increase of threats simply because of the bulk of users," said Jim Murphy, SurfControl's director of product marketing.
According to Murphy, large organizations will be slow to react to the threat but eventually will be compelled to do so by the risks involved.
Neal Leavitt is president of Leavitt Communications, an international marketing communications company based in Fallbrook, California. He writes frequently on technology-related topics. Contact him at [email protected].
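The virus-throttling idea described in the article, sketched as an added example (not code from the article, the poster, or Williamson's implementation). The class name, thresholds, contact names and message history are constructed assumptions, and for simplicity the throttle is always on rather than triggered by a separate worm-behavior detector.

```python
from collections import Counter, deque


class IMThrottle:
    """Frequent contacts pass freely; sends to anyone else are rate-limited."""

    def __init__(self, history, frequent_size=3, max_outside=2, window=60.0):
        # history: past recipients for this user (constructed sample data below)
        top = Counter(history).most_common(frequent_size)
        self.frequent = {contact for contact, _ in top}
        self.max_outside = max_outside   # allowed sends outside the frequent set...
        self.window = window             # ...per this many seconds
        self.recent_outside = deque()    # timestamps of allowed outside sends

    def allow(self, recipient, now):
        if recipient in self.frequent:
            return True
        # Forget outside sends that have aged out of the sliding window.
        while self.recent_outside and now - self.recent_outside[0] >= self.window:
            self.recent_outside.popleft()
        if len(self.recent_outside) < self.max_outside:
            self.recent_outside.append(now)
            return True
        return False  # hold the message; a worm's fan-out stalls here


def simulate(throttle, sends):
    """Replay (timestamp, recipient) pairs; return (delivered, held) lists."""
    delivered, held = [], []
    for ts, recipient in sends:
        (delivered if throttle.allow(recipient, ts) else held).append(recipient)
    return delivered, held


# Constructed sample data: who this user normally talks to, and the buddy list.
HISTORY = ["alice"] * 12 + ["bob"] * 9 + ["carol"] * 7 + ["dave", "erin"]
BUDDY_LIST = ["alice", "bob", "carol", "dave", "erin",
              "frank", "grace", "heidi", "ivan", "judy"]


def worm_burst():
    # Worm-like pattern: one message to every buddy, one second apart.
    sends = [(float(i), buddy) for i, buddy in enumerate(BUDDY_LIST)]
    return simulate(IMThrottle(HISTORY), sends)


def normal_use():
    # Ordinary pattern: mostly frequent contacts, occasional others, spread out.
    sends = [(0.0, "alice"), (20.0, "dave"), (45.0, "bob"),
             (90.0, "erin"), (200.0, "frank")]
    return simulate(IMThrottle(HISTORY), sends)


if __name__ == "__main__":
    print("worm burst:", worm_burst())
    print("normal use:", normal_use())
```

The held list is also a detection signal: a user whose queue of held messages grows quickly is a candidate for investigation.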