Phishing Dips into Yahoo IM

A recent attack on Yahoo Messenger is the latest example of phishing moving beyond e-mail and into instant messages.

Further evidence emerged this week that phishing attacks are spreading far beyond e-mail inboxes. They also are using instant messages in the quest to trick users into divulging personal information through spoofed Web links of well-known companies.

Yahoo Messenger is the latest to come under threat by phishing. Security researchers and Yahoo Inc. confirmed that an attack had begun to spread on the IM service earlier this week.

In the attack, users receive an IM message that often appears to be coming from a buddy-list contact. The IM attempts to lull users into clicking on a URL, which then takes them to a spoofed Yahoo page requesting log-in information for their Yahoo accounts, according to an analysis by Akonix Systems Inc.
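The attack described above hinges on a link that talks about a trusted brand but points somewhere else. The following added example (not code from the article, Akonix or Yahoo) shows one defender-side heuristic for screening IM text before a user clicks: it extracts every URL, resolves the real host with `urllib.parse`, and flags messages that mention the brand or login wording while linking to a host outside an assumed allowlist. The allowlist, the brand keywords and the sample messages are all constructed for this example.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of hosts the brand legitimately uses (example only).
TRUSTED_SUFFIXES = {"yahoo.com"}

# Wording that usually accompanies a credential-harvesting lure.
BRAND_WORDS = ("yahoo", "login", "sign in", "password", "verify", "account")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def flag_message(text):
    """Return (url, real_host, reason) for each link that looks like brand spoofing.

    urlparse().hostname already discards any user-info prefix, so a link such as
    http://www.yahoo.com@203.0.113.5/ is judged by its real host (203.0.113.5).
    """
    findings = []
    lowered = text.lower()
    mentions_brand = any(w in lowered for w in BRAND_WORDS)
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if mentions_brand and not host_is_trusted(host):
            findings.append((url, host, "brand/login wording but untrusted host"))
    return findings


# Constructed sample IMs; example.net and 203.0.113.0/24 are reserved for documentation.
SAMPLE_MESSAGES = [
    "hey check out my new photos http://photos.yahoo.com/album/123",
    "Yahoo needs you to verify your account here: http://yahoo-verify.example.net/login",
    "lol sign in here http://www.yahoo.com@203.0.113.5/login",
    "lunch at 1?",
]


def scan(messages=SAMPLE_MESSAGES):
    """Map message index -> findings, omitting messages with nothing flagged."""
    return {i: f for i, m in enumerate(messages) if (f := flag_message(m))}


if __name__ == "__main__":
    for idx, findings in scan().items():
        for url, host, reason in findings:
            print(f"msg {idx}: {reason}: {url} (host={host})")
```

The heuristic is deliberately conservative: a link to a trusted subdomain with no lure wording passes, while the user-info trick and look-alike domains are both caught because the decision is made on the parsed host rather than on how the link reads.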

Yahoo officials said on Friday that the attack does not appear to be a widespread threat. Yahoo provides users with information about preventing phishing attacks on its security Web site, but the Sunnyvale, Calif., company has not posted any specific warnings about the latest IM-focused attack.

"Phishing is an industry-wide issue, and one that Yahoo! takes very seriously," said spokeswoman Terrell Karlsten, in a statement. "A key defense in the fight against phishing is consumer awareness, and Yahoo! has made it a priority to help educate consumers so that they are empowered to protect themselves online."

Phishing is a well-known problem in e-mail, where messages that spoof the identity of a legitimate company try to get users to provide personal information that can include financial account information.


In the middle of last year, phishing attacks also started making the rounds of the major IM services, said Frank Costello, chief marketing officer at Akonix, which sells software to manage and secure enterprise IM. Yahoo likewise said that this week's attack is not the first to target its service.

In July, a phishing attack using a combination of IM and e-mail tried to lure America Online Inc. subscribers into providing account information.

"I definitely see it increasing, and it's because of the same drivers that drive other malicious threats," Costello said of IM phishing. "More and more people are using IM, and e-mail is more protected. The volume of virus writing and other attacks is kind of highlighting to the bad guys that IM is out there."

Akonix has not gathered statistics about the growth of IM phishing attacks, but the company did hear reports about the Yahoo Messenger attack from some of its large customers who share security information for tracking by the Akonix Security Center, Costello said.


Also this week, researchers reported a potential security vulnerability in the Trillian IM client. Trillian, developed by Cerulean Studios, is a client that lets users chat across multiple IM services, including AOL Instant Messenger, Yahoo Messenger and MSN Messenger.

Pittsburgh-based LogicLibrary Inc. said it had discovered a buffer-iteration overflow in the plug-in components that allow the client to connect to multiple IM servers. If exploited, the vulnerability could cause the program to shut down or allow a hacker to gain control of the operating system, the company reported.

The flaw originally appeared in Trillian 2.0 but persists in the Yahoo IM plug-in component in Trillian 3.0 and 3.1, according to LogicLibrary's report.

Security researcher Secunia categorized the security vulnerability as low risk. LogicLibrary provides tools for managing software development assets.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's Weblog.