Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

Shop online 24hrs a day or call us Mon-Fri
8:30AM-4:30PM EST - 1-800-915-2088
WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Instant Messenger Vulnerabilites

Wednesday, April 6th, 2005 by | Filed Under: Uncategorized
 
Loading...


There are just a few things worse than when I write an article about how wonderful some program or service is, only to find a big nasty foot in my mouth a week or two later. Well back on March 10, 2005 I reviewed Trillian, an IM (Instant Messenger) manager, as a download of the week. You can use Trillian with pretty much every IM program such as AOL, Yahoo, and MSN to name but a few. Well back on the 25th of March came the IM vulnerabilities—what a horrible coincidence.

There are four different vulnerabilities this month, affecting three IM programs: two for MSN, one for Yahoo, and another for Trillian. Each is described each below:

MSN Messenger is in the lead with two worms that have unearthed themselves:

•  Kelvir this is an older worm that has come out of retirement. It shows up as a link in a message, you click on the link you get the worm. Once in it will replicate itself within your system and awaits further instructions from the Mothership.

•  Sumon or the (Win32.Serflog.a) is a new worm, and infects in a very similar fashion as the Kelvir, except it uses an attachment instead of a link. Once infected the worm goes to work trying to shut down certain programs such as anti-virus programs, knock out your any MSN security, and can block you from certain web addresses.

Yahoo Messenger has a real winner knocking at the door as well:

•  It’s actually a Phishing technique that can come straight from your Buddy list, and it is bound to catch some people. What it does is send you a message possibly posing as a “Buddy”, which redirects you to a Yahoo looking site where you are then prompted to enter your username and password. This of course is a spoofed site that has captured your information, and now has your username and password to Yahoo Messenger. Also if this is the same username and password you use for other or even all your online accounts then they may have access to more than just your messenger.

Trillian, the download I showcased a couple of weeks ago, apparently has an exploit as well. It seems that, though highly unlikely, a Hacker could enter your PC and take control of programs or the whole PC. Now before you go scurrying over to your Add/Remove programs you should know that even though it can be done, it would take a whole lot of hacker savvy, not to mention that the Cerulean Studios’ creator of Trillian has assured it’s users that it will have the hole fixed with the new version (no date).

So it turns out that Instant Messengers have the same problems as everything else on the web—the potential for vicious attacks on your system. I wouldn’t let this stop you from using your IM, though I may stop using Trillian until the hole is patched.

I would just keep in mind that you shouldn’t just open up messages or links you’re not expecting. Always ask the sender to see if they sent this link or attachment in order to make sure that it is not coming from some unknown source. Just think of Instant Messaging as you would email, you don’t (or at least shouldn’t) just open everything up in here and hope for the best, and you shouldn’t with your IM as well. It’s a great tool and the more popular it becomes the more it is going to be targeted for viruses and other attacks, be cautious and you should be fine.

Stay safe out there,

~ Chad

Chad Stelnicki

Leave a Reply


Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.


Enter Email Address:

Subscribe

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup



Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Subscribe


Love Worldstart? Refer A Friend!

WorldStart's Premium Membership

Tip Archive


Categories:
Archives: