Increased Multimedia Functions Mean
IM Danger"> Boyd said the "lockx.exe" rootkit has been programmed to connect to an IRC server to listen for commands from a remote attacker. The Windows kernel rootkit can also be used to hide log-ins, processes, files, and logs. It may include software to intercept data from terminals, network connections, and the keyboard.At the time, exploit code that could be used in widespread attack was circulating on underground Web sites just 24 hours after Microsoft released the software patch. Tyler Wells, senior director of engineering for FaceTime Communications Inc., said buffer overflows in IM applications are a recipe for disaster. "Weve already seen documentation for some serious code-execution vulnerabilities in IM applications. If you put it all together, youll see were not that far away from an automated IM attack where infections dont require the user to click on anything," Wells said. "The attackers will start looking for exploits within the IM itself. Now were seeing the IM clients become more than just a text chat tool. AIM now has the ability to load an image on top of the buddy list and play music without a click. All the messaging clients today are bundling a lot of different applications like VOIP, file transfer, image sharing, Internet radio. Those add-ins all have their own security concerns," Wells said in an interview. "When you bundle third-party functionality into the program, you expand the client footprint, but youre also in inheriting all the security problems," he added. Arbor Networks Nazario said there has been detailed research work done to show that an automated IM worm could spread over IM rapidly. "In the worst case scenario, research has shown that all vulnerable clients online at a time could get infected in a matter of seconds." "Whether we see that in practice is debate. But the results of simulations and analysis were striking. If someone is able to operationalize a worm that propagates without user intervention, we would be in for a very massive attack," Nazario said. "A fully automated, rampant IM worm can happen at any time. Im actually very surprised its not out there yet. Its a very attractive way to drop malware behind an enterprise security system quickly and efficiently," he added. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Earlier this year, Microsoft Corp. became so worried that its MSN Messenger network could be used in an automated worm attack, it pushed out patched versions of the software as a mandatory update.