Instant Messaging Worms
November 1st, 2005
It seems that after e-mail and the internet, instant messaging is becoming a forefront for attacks. An article at eWeek suggests that a fully automated IM worm is "inevitable".
"I’m really surprised we haven’t seen the fully automated worm on these IM networks. To me, it’s begging to happen," Nazario said in an interview with Ziff Davis Internet News. "Pretty soon, someone will find a way to package one of these attacks with an unpatched vulnerability to cause some real problems."
I remember when MSN Messenger 7 first introduced Winks. They forgot to restrict them to signed winks - you could add any Flash movie. Some creative people wrote a wink which opened up objectional websites such as Goatse. I was also a bit hesistant about upgrading to MSN Messenger 6 because of display pictures, thumbnails and custom emotions but I realised they shouldn’t be any more vulnerable than using a web browser or image editor.
Perhaps the most worrying thing is this:
"In the worst case scenario, research has shown that all vulnerable clients online at a time could get infected in a matter of seconds."
I wonder whether switching to an open source alternative IM program such as Gaim would provide any real security benefits.
- Uncategorized
- Comments(0)