By Robert Vamosi
You'd better keep an eye on your handy instant messaging app, according to security software and advisory firm Internet Security Systems (ISS). Why? Now that companies are getting better at stopping e-mail viruses, instant messengers are the next obvious target for malicious code and viruses in the future, says Dan Ingevaldson, director of R&D at ISS. Also, most popular chat apps do not use a secure layer for text messages, meaning that anyone could intercept and read IM chats outside your corporate firewall.
The current threat
A handful of successful worms already have infected instant messaging clients, including Aplore, which spreads via AOL Instant Messenger (AIM); Goner, which takes advantage of ICQ; and CoolNow, Message from Jerry (also known as Hello), and Choke, all of which are spread via MSN Messenger. So far, no viruses have successfully infected Yahoo Messenger.
Earlier this year, the security organization w00w00 reported two buffer overflows in AIM, the first in January and the second in April. These vulnerabilities, now patched by AOL, made it possible for an attacker to steal your buddy list and spread malicious code throughout the entire AIM community—as well as run malicious code on your computer.
ISS has published a white paper detailing the technical countermeasures system administrators might employ regarding AIM, MSN Messenger, Yahoo Messenger, and ICQ.
Ingevaldson says a lot of companies simply do not allow employees to use instant messengers on the job. Trouble is, the genie is out of the bottle. Instant messaging fills a niche between a phone call and e-mail—it's fast and not too intrusive. Plus, it's hard to keep employees from installing it and hard to stop them from using a proxy once they discover the default IM ports have been blocked.
For example, Yahoo Messenger will automatically attempt to connect to non-blocked ports, including port 23, which is used for telnet. "It is unlikely companies would block telnet," said Ingevaldson. "Yahoo Messenger was designed to make it difficult to block."
More secure IM
For truly secure corporate instant messaging, one alternative suggested by Ingevaldson is Communicator Hub software, which is currently used by Salomon Smith Barney, J.P. Morgan Chase, Merrill Lynch, Credit Suisse First Boston, Goldman Sachs, and other financial institutions. Communicator's instant messaging service traces user activity with identity management, content aggregation and management, and auditing tools.
Unfortunately, widespread use of encrypted instant messaging (either at the consumer or enterprise level) is not expected for a few years. In the meantime, Ingevaldson recommended Trillian, a chat app that connects users to all the major IM clients: AIM, ICQ, MSN Messenger, and Yahoo Messenger. Trillian offers 128-bit Blowfish encryption for AIM and ICQ, something these products currently do not provide on their own.
Yet an even bigger threat to your security, said Ingevaldson, are the peer-to-peer file-sharing networks. Recently, KaZaa users faced a clever worm called Benjamin, which infected their computers with thousands of bogus files disguised as popular film, song, and game titles. Two years ago, Gnutella users faced a similar viral threat. Ingevaldson also said SubSeven (a Trojan horse) is all over these networks, and could open company networks to back-door script kiddie attacks.
The danger of allowing employees to use these file-sharing networks at the office goes beyond just viruses and malicious code, though. Hosting illegal copies of copyrighted material can open corporations to lawsuits, as well.
This article was originally published by ZDNet Tech Update on May 29, 2002.