- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

Instant Messenger Vulnerabilities

There are just a few things worse than when I write an article about how wonderful some program or service is, only to find a big nasty foot in my mouth a week or two later. Well, back on March 10, 2005, I reviewed Trillian, an IM (Instant Messenger) manager, as a download of the week. You can use Trillian with pretty much every IM program, such as AOL, Yahoo, and MSN, to name but a few. Well, back on the 25th of March came the IM vulnerabilities—what a horrible coincidence.

There are four different vulnerabilities this month, affecting three IM programs: two for MSN, one for Yahoo, and another for Trillian. Each is described below:

MSN Messenger is in the lead with two worms that have unearthed themselves:

•  Kelvir: this is an older worm that has come out of retirement. It shows up as a link in a message; you click on the link and you get the worm. Once in, it will replicate itself within your system and await further instructions from the Mothership.

•  Sumon (or Win32.Serflog.a) is a new worm that infects in a very similar fashion to Kelvir, except it uses an attachment instead of a link. Once your system is infected, the worm goes to work trying to shut down certain programs such as anti-virus programs and knock out any MSN security, and it can block you from certain web addresses.

Yahoo Messenger has a real winner knocking at the door as well:

•  It’s actually a phishing technique that can come straight from your Buddy list, and it is bound to catch some people. It sends you a message, possibly posing as a “Buddy”, which redirects you to a Yahoo-looking site where you are then prompted to enter your username and password. This, of course, is a spoofed site that captures your information, so whoever runs it now has your username and password for Yahoo Messenger. Also, if this is the same username and password you use for other or even all of your online accounts, then they may have access to more than just your messenger.

Trillian, the download I showcased a couple of weeks ago, apparently has an exploit as well. It seems that, though highly unlikely, a hacker could enter your PC and take control of programs or the whole PC. Now, before you go scurrying over to your Add/Remove Programs, you should know that even though it can be done, it would take a whole lot of hacker savvy, not to mention that Cerulean Studios, the creator of Trillian, has assured its users that it will have the hole fixed with the new version (no date).

So it turns out that Instant Messengers have the same problems as everything else on the web—the potential for vicious attacks on your system. I wouldn’t let this stop you from using your IM, though I may stop using Trillian until the hole is patched.

I would just keep in mind that you shouldn’t just open up messages or links you’re not expecting. Always ask the sender whether they sent this link or attachment, in order to make sure that it is not coming from some unknown source. Just think of Instant Messaging as you would email: you don’t (or at least shouldn’t) just open everything up in there and hope for the best, and you shouldn’t with your IM either. It’s a great tool, and the more popular it becomes, the more it is going to be targeted for viruses and other attacks. Be cautious and you should be fine.

Stay safe out there,

~ Chad

Chad Stelnicki