Instant Messaging Falls Prey To Hackers --- Dinah Greek --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Original Source: http://www.technewsworld.com/perl/story/31858.html

Instant Messaging Falls Prey To Hackers
Author: Dinah Greek

By grabbing a user's buddy list rather than scanning for vulnerable IP addresses, these worms have the potential to be more virulent than predecessors like Code Red, Slammer or Blaster, which spread over the internet rather than over IM networks, warned Neal Hindocha of Symantec Security Response.

Hackers are exploiting browser security flaws to hijack instant messaging (IM) accounts, security experts have warned.

When Microsoft decided to shut down its chat rooms for security reasons, it suggested IM as an alternative.

But although the company claims this method of chat is safer, hackers have already exploited security holes in the Internet Explorer browser to hijack IM accounts, according to Drew Copley, a research engineer at eEye Digital Security, who discovered the original security vulnerability.

Opening a Back Door
This could open a back door to unknown chatters as well as expose children to pornography from spammers.

Internet security firm Symantec said vulnerabilites have meant that attacks on IM and peer-to-peer sites have risen 400 per cent since 2002.

Using what are known as application programming interfaces (a set of routines, protocols, and tools for building software applications), hackers have developed worms or Trojans that can capture a remote user's list of IM correspondents, or buddies.

Automatic for the Worm
By grabbing a user's buddy list rather than scanning for vulnerable IP addresses, these worms have the potential to be more virulent than predecessors like Code Red, Slammer or Blaster, which spread over the internet rather than over IM networks, warned Neal Hindocha of Symantec Security Response.

Usually the victim is led to a Web site , either by a distributing link through IM or via an email with a link to the Web page, which then automatically downloads a worm or trojan.

One program, according to security bulletin BugTraq, hijacks an already running AOL IM (AIM) account, changes the password and sends a message to the buddies list with a link to a malicious Web page.

Another Attack
Another attack on users of AIM is being accomplished by sending them to a Web site where a trojan downloads an automated dialler. Users accessing the internet via dial-up accounts are then switched to premium rate porn numbers.

A similar worm that spreads through the Microsoft MSN Messenger system, according to South Korean antivirus company, Global Hauri. This attempts to connect to a porn Web site and also sends itself to names in the victim's contact list.

At the time of going to press neither AOL nor Microsoft had returned calls for comment.