IM Virus Free!
Instant messaging (IM) is one of the hottest new communications tools to hit the enterprise. While handy for real-time communications, IM is also known for towing along the potential for additional security risks. Despite the increased risk, use of instant messaging continues to grow at breakneck pace as organizations around the globe realize the benefits of including it on their company networks. The most popular IM products in use today are AOL Instant Messenger (AIM), MSN Messenger, Yahoo Messenger and ICQ. While they are available free for download and use, these IM products also allow users to transfer potentially virus-ridden files and conduct unencrypted chat sessions.
One security risk comes from IM’s ability to sometimes bypass corporate firewalls, thereby supplying another entry point for hackers or malicious code. This type of security hole essentially becomes an organization’s “weak link” in the security chain. Remember, IM solutions, like many Internet communications, are based on the typical client-server architecture, with messages being routed through the public Internet. While handy for real-time communications, most IM software also possesses some type of file-sharing capability, giving it the potential to send and receive infected files. In fact, the risks involved in using IM are so great that some organizations have gone so far as to ban its use outright.
The fact is, IM users, like e-mail users, are especially susceptible to certain attack types. One popular social engineering attack method attempts to convince someone to download and run a malicious program. This mostly succeeds when a user feels comfortable with the “person” he or she is talking to, as those “acquaintances” have a greater chance of persuading someone to fall into the trap. A recent example, the Choke worm, attacked MSN Messenger users. People received messages such as “i have a file for u” or “its real funny.” Attached was a not-so-funny file called Hello.exe, which contained the virus.
Unfortunately, the level of protection currently offered against viruses using instant messaging may not be up to par. In light of this, defending against social engineering is even more important. Users must be continually reminded to never open any unexpected or unsolicited attachments that arrive via IM. You may want to go yet a step further and consider disabling or banning file transfers via instant messaging.
With any IM service, users should always employ anti-virus software. Most anti-virus engines have plug-ins for IM clients. If yours doesn’t, don’t panic, as IM-specific anti-virus solutions abound. SOFTWIN, for example, offers several IM-specific anti-virus solutions. For MSN Instant Messenger, Yahoo! Messenger, mIRC, PALM, ICQ and NetMeeting, Bitdefender (www.bitdefender.com) is available as a free download for home users.
If you’re one of the millions of AIM users, GeCAD Software makes a free (for home and small businesses) AIM-specific solution called RAV4AIM. Using GeCAD’s RAV Engine, RAV4AIM scans all the files you receive by AIM, checking for and cleaning viruses, worms, Trojans and other malware. GeCAD also offers other free IM solutions like RAV4TRILLIAN for Trillian IM users, RAV4MSN for MSN users, RAV4ICQ for ICQ users and RAV4YAHOO! for Yahoo! Messenger users. For additional information or to download a copy, visit www.rav.ro/pages/home.php.
Finally, if you use AIM, MSN Messenger or Yahoo! Messenger and you’re concerned about privacy, you’d do well to take a look at IMsecure Pro from security giant Zone Labs LLC. According to Zone Labs’ Web site, “IMsecure Pro ensures that IM conversations are private and secure, protecting PCs and valuable personal information from spammers, identity thieves, hackers and predators who exploit vulnerable IM connections.” IMsecure Pro protects your PC regardless of the service or client you use. For budget-conscious consumers, Zone Labs (www.zonelabs.com) also offers a freeware version called IMsecure.
With hackers and script kiddies ever more prevalent, the likelihood of an attempt to enter your company network via IM has risen in tandem. It’s paramount that you always use updated anti-virus software to scan downloaded files and always keep software up to date. That includes not only your anti-virus software, but also your IM chat software, Web browser, operating system, e-mail client and applications. To help combat a social engineering attack, it’s good practice to verify that the person sending you a file is indeed the person they claim to be by asking them to provide information known only to both of you. Watch for executable files that have been disguised (e.g., “Coolpic.jpg.exe”). Remember, the Windows operating system by default hides certain final extensions like .exe, .vbs, etc. Files “disguised” by double extensions often contain malicious code. They should be scanned with updated anti-virus software before they are executed. Configuring Windows to display all file extensions can help users avoid the “double extension deception.”
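The double-extension check described above can be automated for the names of files received over IM. The following is an added example, not part of the original article; the extension lists and function names are assumptions chosen for illustration, and the displayed name assumes the final extension is hidden as the article describes.

```python
import re

# Assumed extension lists for illustration; adjust to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "doc", "pdf", "mp3", "zip"}


def normalize(name):
    """Drop any path and the trailing dots/spaces Windows removes on save."""
    base = re.split(r"[\\/]", name)[-1]
    return base.rstrip(". ")


def displayed_name(name):
    """Name as a user sees it when the final extension is hidden."""
    base = normalize(name)
    stem, dot, _ext = base.rpartition(".")
    return stem.rstrip() if dot and stem else base


def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Compare case-insensitively and ignore stray spaces around each part.
    parts = [p.strip().lower() for p in normalize(name).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan(names):
    """Return (name, displayed name, verdict) for every name that is not 'ok'."""
    return [(n, displayed_name(n), classify(n)) for n in names if classify(n) != "ok"]


if __name__ == "__main__":
    # Constructed sample names; the first two are the ones the article mentions.
    received = ["Coolpic.jpg.exe", "Hello.exe", "PHOTO.JPG.EXE", "notes.v2.txt"]
    for name, shown, verdict in scan(received):
        print(f"{verdict:17} {name!r} is displayed as {shown!r}")
```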
Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network From Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at firstname.lastname@example.org.