IM Security: Don't Get Fooled

Instant messaging may leave your system open to attack. Stay vigilant to stay safe.

Using an instant messenger (IM) program seems like a harmless way to have a conversation. Unfortunately, IM can be exploited to damage, commandeer, or infect your machine.

Attacks on IM programs (such as MSN Messenger, AIM, ICQ, and so on) fall into the same categories as other network attacks. Some attacks take advantage of bugs or weaknesses in the software; others exploit human foibles. Here's how to defend yourself against IM security breaches.

Most IM systems were not designed with security in mind. For example, a recently discovered buffer overflow bug in AIM left users' computers vulnerable to a remote takeover attack. AOL was lucky: It was able to close the hole by blocking exploit attempts as they passed through its servers. (For more details on this bug, see the bulletin.)

Microsoft, however, was unable to block a worm that spread widely in 2002 via its instant-messaging programs (Windows Messenger, MSN Messenger, and .NET Messenger) as well as Internet Explorer. (The bug was actually in IE, but the worm relied on the IM programs to propagate.)