Latest IM attacks still rely on social engineering



This tip is part of the Messaging Security School lesson on secure instant messaging. Visit the Secure instant messaging lesson page for more learning resources.

As one of the most widely deployed applications on the Internet, instant messaging (IM) is increasingly becoming the target of choice for attackers. The number of threats targeting IM has soared dramatically during the last few years. These threats include IM-borne viruses and worms, spam over IM (SPIM), malware and phishing attacks. The huge IM user base is not the only thing attracting hackers: IM's capability to transfer files and bypass firewalls is also tempting, because it makes IM an effective medium for spreading malware.

How instant messaging attacks occur
Most IM-based attacks require some form of user interaction, but with the use of ever more sophisticated social engineering techniques, attackers are tricking users into setting the attack in motion. Amazingly, one recent IM worm actually imitated another IM user by engaging in a chat session. Such techniques trick the victim into opening an infected file, visiting a malicious Web site or divulging personal information.

IM attacks often install a Trojan horse, which can then configure the IM client to share all the files on the victim's computer, or send personal data from the PC back to the attacker. The attacker can also send instructions to the infected computer via instant messaging, allowing the attacker to remotely control the client machine. Furthermore, because none of the major instant messaging protocols encrypt network traffic, hackers can capture instant messaging traffic or hijack IM connections. Another simple type of attack is flooding a particular user with a large number of messages, crashing the IM client or causing the entire computer to become unstable. As you can see, there are real concerns regarding security and privacy for anyone using IM.

Preventing instant messaging attacks
So how do you avoid falling prey to an IM attack? To start, when you create an IM account, don't choose a screen name that mentions or hints at your real identity; Butterfly1 is better than JaneInChicago. You should never list your contact information in any public Internet directories. This will help reduce the amount of spam and SPIM you receive. Finally, never share your password with anyone, and never select the feature that allows you to log on automatically, as your online identity could be used to attack the people on your buddy list.

As with email, you should be skeptical of any IM messages you receive from someone you don't know. More specifically:

  • Never open, accept or download a picture or file, or run an application in IM from an unknown source,
  • If you know who sent the file, don't open it unless you know what the file is and you were expecting it,
  • Treat hyperlinks in messages with the same degree of caution, as they could take you to a malicious Web site,
  • Only communicate with people who are on your contact or buddy lists,
  • Never divulge sensitive personal information in an IM conversation.

Unfortunately, firewalls are currently not very adept at controlling IM traffic. That traffic is often embedded inside HTTP packets and can use any port to connect to IM services, thus bypassing most firewall checks. It is vital therefore that you:

  • Install and use both antivirus and antispyware software and keep them updated,
  • Keep up to date with the latest patches for your operating system,
  • Use the most up-to-date version of your IM software. For example, unlike MSN Messenger, Windows Live Messenger can block suspicious attachments or scan them for viruses.
  • Use one of the many IM add-ons that encrypt your IM text messages and file transfers.
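
To illustrate why port-based firewall checks miss IM traffic that rides inside HTTP or moves to another port, the following added example (not part of the original tip) compares a port rule with a payload check over constructed flows. The port numbers, handshake pattern, HTTP markers and host names are assumptions chosen for illustration.

```python
import re

# Assumed for illustration (not from the article): native ports a port-based
# firewall rule might block, and payload markers a content inspector might use.
BLOCKED_PORTS = {1863, 5050, 5190}
NATIVE_HANDSHAKE = re.compile(rb"^VER \d+ MSNP\d+")
HTTP_IM_MARKERS = (b"application/x-msn-messenger", b"/gateway/gateway.dll")


def port_rule_blocks(dst_port):
    """Classic firewall check: decide from the destination port alone."""
    return dst_port in BLOCKED_PORTS


def payload_is_im(payload):
    """Content check: look at the first bytes of the flow, ignoring the port."""
    if NATIVE_HANDSHAKE.match(payload):
        return True  # native IM protocol, whatever port it runs on
    head, _, _ = payload.partition(b"\r\n\r\n")  # HTTP request line + headers
    lines = head.split(b"\r\n")
    if not re.match(rb"^(GET|POST) \S+ HTTP/1\.[01]$", lines[0]):
        return False  # not HTTP, and not a known IM handshake
    lowered = head.lower()
    return any(marker in lowered for marker in HTTP_IM_MARKERS)


def audit(flows):
    """Return names of IM flows that the port rule lets through."""
    return [name for name, port, payload in flows
            if payload_is_im(payload) and not port_rule_blocks(port)]


# Constructed sample flows: (label, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("native-default-port", 1863, b"VER 1 MSNP8 CVR0\r\n"),
    ("native-on-443", 443, b"VER 1 MSNP8 CVR0\r\n"),
    ("im-inside-http", 80,
     b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\n"
     b"Host: im-gateway.example\r\n"
     b"Content-Type: application/x-msn-messenger\r\n\r\n"),
    ("ordinary-web", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
]

if __name__ == "__main__":
    for name in audit(SAMPLE_FLOWS):
        print("missed by port rule:", name)
```

Only the flow on the default IM port is stopped by the port rule; the two flows it misses are caught by looking at the payload, which is why endpoint defenses remain necessary alongside the firewall.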

As new services such as VoIP are added to instant messaging products, new IM threats will emerge. For that reason it will be even more important to not only keep your system and software programs patched and up to date, but also remain vigilant, because educated, wary users are the best defense against attacks.

About the author:
Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity.com's Messaging Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.



This was first published in October 2006
