Instant Messaging - Malicious Threats and Vulnerabilities

Instant messaging has clearly taken off as a means of communication. The ability to communicate in real time makes it an ideal medium for both business and personal communication. Unfortunately, threats that affect instant messaging already exist today, including worms and vulnerabilities that can give hackers remote access to vulnerable computers. These threats, combined with the potential for unintentional disclosure of business information, make instant messaging relatively insecure for company use.

Why is instant messaging a vehicle for propagating malicious threats?
Instant messaging is an up-and-coming carrier for malware. More and more people are using instant messaging, both for personal and business reasons. Instant messaging networks can transfer not only text messages but also files. Consequently, instant messengers can transfer worms and other malware.

Furthermore, multiple vulnerabilities have been discovered in instant messaging clients, and more have yet to be discovered. Such vulnerabilities not only give hackers remote access, but also open the way for fast-spreading blended threats. Current blended threats are limited by their ability to find vulnerable hosts, but with an instant messaging buddy list, finding vulnerable hosts becomes significantly easier, resulting in a blended threat that may propagate faster than CodeRed and Slammer.

Do vulnerabilities exist in IM programs?
The discovery of vulnerabilities in network-enabled applications occurs every day. Instant messaging clients are no exception. These vulnerabilities are common coding mistakes made by programmers. At best, these vulnerabilities can cause a Denial of Service (DoS), and at worst, can allow hackers unauthorized remote access. Furthermore, remotely injected code could contain classic worm replication functionality, forming an instant messaging blended threat. This type of threat would have the potential to spread significantly faster than even CodeRed and W32/Slammer.

Are there any current IM threats?
Any Internet-enabled application is a potential carrier for worms and other malware. Instant messaging is no exception. Currently, more than 30 worms spread via instant messaging networks and their clients.

How are IM worms different from backdoor Trojans?
Backdoor Trojans use the same techniques as those utilized by instant messaging worms, but instead of sending themselves (replicating), backdoor Trojans export sensitive information or wait for specific messages to arrive, instructing them to perform a malicious action. In addition, a backdoor Trojan can modify configuration settings of the IM client, allowing unauthorized remote access.

What kind of impact do IM blended threats have?
Instant messaging blended threats have the potential to replicate much more rapidly than the blended threats that have been seen to date, mainly because blended threats are currently limited by their ability to find vulnerable hosts.

While an instant messaging blended threat will likely need to use TCP and be limited by network latency similar to CodeRed, an instant messaging blended threat will not need to iterate through the entire IP address space in search of vulnerable machines. Inherent to instant messaging is a buddy list, and therefore a pre-populated target list of potentially vulnerable machines. Furthermore, the number of instant messaging users far exceeds the number of Web servers or SQL servers on the Internet.

By eliminating the need to scan for vulnerable machines, one can infect hundreds of thousands of machines in seconds rather than minutes.

While an instant messaging blended threat could spread extremely fast, such a threat could also be eliminated relatively quickly. As this threat relies on the instant messaging server, as soon as the instant messaging servers are shut down, the blended threat will no longer replicate, unless the threat carried some additional propagation component not reliant on instant messaging.
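The argument above can be made concrete with a small expected-value spread model. This is an added example, not part of the original article: every parameter is a constructed assumption, time is in abstract steps, and buddies are treated as uniformly random members of the IM user population. It compares a worm that probes the whole IPv4 address space with one that contacts buddy-list entries, and shows the effect of shutting the IM server down early.

```python
import math

def spread(vulnerable, target_space, attempts, steps, shutdown_step=None):
    """Expected infected count per step, starting from one infected host.

    Every infected host makes `attempts` contact attempts per step, each aimed
    at a uniformly random member of `target_space`, of which `vulnerable`
    members can be infected. After `shutdown_step` nothing is delivered,
    which models the IM servers being taken offline.
    """
    infected, curve = 1.0, [1.0]
    for step in range(1, steps + 1):
        if shutdown_step is None or step <= shutdown_step:
            # Chance that a given uninfected host receives at least one attempt.
            p_hit = -math.expm1(-attempts * infected / target_space)
            infected += (vulnerable - infected) * p_hit
        curve.append(infected)
    return curve

def steps_to_fraction(curve, vulnerable, fraction):
    """First step at which `fraction` of vulnerable hosts is infected, else None."""
    for step, infected in enumerate(curve):
        if infected >= fraction * vulnerable:
            return step
    return None

# Constructed parameters (assumptions for illustration, not measurements).
VULNERABLE = 100_000      # hosts running the vulnerable software
IPV4_SPACE = 2 ** 32      # a scanning worm picks targets from all addresses
IM_USERS = 1_000_000      # a buddy-list worm picks targets from IM users only
ATTEMPTS = 20             # contact attempts per infected host per step

def compare():
    scan = spread(VULNERABLE, IPV4_SPACE, ATTEMPTS, steps=60_000)
    buddy = spread(VULNERABLE, IM_USERS, ATTEMPTS, steps=60)
    contained = spread(VULNERABLE, IM_USERS, ATTEMPTS, steps=60, shutdown_step=6)
    return {
        "scan_steps_to_90pct": steps_to_fraction(scan, VULNERABLE, 0.9),
        "buddy_steps_to_90pct": steps_to_fraction(buddy, VULNERABLE, 0.9),
        "infected_if_server_down_at_step_6": round(contained[-1]),
    }

if __name__ == "__main__":
    print(compare())
```

The only difference between the two runs is the size of the pool targets are drawn from, which is the point the article makes about the buddy list; the third run shows why the time to server shutdown bounds the damage.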

What kind of risk do users expose themselves to when using IM programs?
Using instant messaging can put one at risk of having confidential information disclosed. A hacker can obtain passwords, system configuration information, and sensitive files via instant messaging. This data can be stolen without a breach of the actual system and without the knowledge of the IM user. More importantly, the resultant damage due to information disclosure can outweigh the direct damage due to a malicious threat.

How can an attacker utilize IM to gain confidential information?
A hacker can gain confidential information by hijacking instant messaging sessions, impersonating other users, maliciously proxying data, sniffing network traffic, stealing passwords, and exporting data via instant messaging.

