CurzTech News Network
Instant messaging is an increasingly popular method for communicating over the Internet. Instant messaging (IM) is a real-time supplement to and, in some regards, a replacement for e-mailing. Unlike e-mail, instant messaging allows users to see whether a chosen friend or co-worker is connected to the Internet. Typically, the instant messaging service will alert a user if somebody on the user's list of correspondents is on-line. Instant messaging also differs from e-mail in that messages are exchanged directly and almost instantly, allowing two-way communication in real time.
Because of the almost immediate two-way nature of communication, many users feel that the use of instant messaging in the workplace leads to more effective and efficient workplace communications and, therefore, to higher productivity. As a result, IM is increasing in popularity in both professional and personal applications. However, as with most things Internet-based, the increasing use of instant messaging has led to an associated increase in the number of security risks.
This paper will describe instant messaging and offer a brief overview of some of the security threats associated with the service. This article is based on a previously published Symantec white paper called Threats to Instant Messaging.
How does Instant Messaging Work?
Instant messaging networks consist of clients and servers. A user installs a client that connects to a server operated by the instant messaging network vendor, such as AOL, ICQ, or Yahoo Messenger. (It should be noted that because they use different protocols, the different instant messaging services are not interoperable. Therefore, ICQ users can only communicate with other ICQ users, not with users of other instant messaging services.) All users that sign up for instant messaging are given a unique identifier, which can be either a name or a number. The user then gives out the unique identifier to people that he or she wants to communicate with via the instant messaging network.
The user starts an instant messaging session by authenticating to the server. When two authenticated users want to communicate, the following sequence occurs.
Alice instructs the instant messaging client to send a text-message to Bill. The client creates a packet containing the message and sends it to the server.
The server looks at the packet and determines that the recipient is Bill. The server then creates a new packet with the message from Alice and sends it to Bill.
Most instant messengers will continue to send all following messages via the central server. However, some instant messengers create a direct connection between the users after the first message. The use of a central server is beneficial in many ways. For example, Alice is only required to know the unique identifier for Bill. Furthermore, she can send messages to Bill even if he is not on-line. The server will store the message until Bill authenticates with the server, at which time it is sent to him.
Most instant messaging clients have the ability to create buddy lists: lists of the people the user wants to communicate with, which also keep track of whether those people are available for instant messaging. For example, when Bill sends Alice his unique identifier, Alice can save it in her buddy list. From then on, whenever Alice authenticates with the instant messaging server, she can see Bill in her buddy list; therefore, she is not required to remember Bill's unique identifier. She will also be notified if he is on-line, off-line, away from his desk, etc.
Instant Messaging Security Threats
Instant messaging networks provide the ability to transfer not only text messages but also files. Consequently, instant messengers can transfer worms and other malware. Instant messengers can also provide an access point for backdoor trojan horses. Hackers can use instant messaging to gain backdoor access to computers without opening a listening port, effectively bypassing desktop and perimeter firewall implementations. Furthermore, finding victims doesn't require scanning unknown IP addresses, but rather simply selecting from an updated directory of buddy lists. In addition to client-initiated file transfers, all the major instant messaging networks support peer-to-peer file sharing where one can share a directory or drive. This means that all the files on a computer can be shared using the instant messaging client, leading to the spread of files that are infected with a virus or other malware. As we shall see, this characteristic also makes information communicated over IM vulnerable to unauthorized viewing.
Worms
Email worms are part of daily life for any computer security professional. However, these threats can be dealt with swiftly by effective gateway monitoring and by installing desktop AV protection. Therefore, once detection is available for a particular worm, infected emails will be stopped at the gateway. In the case of instant messaging, however, antivirus software does not currently monitor traffic at the gateway level. If a worm starts to spread using instant messaging, it cannot be stopped before it reaches the user's computer.
The number of instant messaging worms is rising steadily. This is made clear when one considers the list of recent IM worms:
W32.Choke (June 6, 2001)
W95.SoFunny.Worm@m (July 3, 2001)
W32.Goner.A@mm (Dec. 4, 2001)
W32.Led@mm (January 22, 2002)
W32.Seesix.Worm (May 15, 2002)
Despite the growing threat, there are still no antivirus applications that directly monitor instant messaging traffic at the server level. This is partly due to the difficulty of finding and monitoring instant messaging traffic, which is often embedded inside HTTP packets, and partly due to the constant modifications to the clients and the protocols they use. Unfortunately, this lack of network-level scanning makes instant messengers an open door to the computer, as unscanned traffic will bypass most server-based security measures. A few antivirus applications do plug in to instant messaging clients, scanning files as they are received. Only the antivirus product running at the desktop level can catch the worms.
The way in which these worms replicate varies. Some of the worms spread via email as well as instant messaging. Others spread only via instant messaging. However, all current instant messaging worms still require user interaction for execution. None make use of an exploit to allow auto-execution upon receipt. Therefore, if instant messaging users were more aware of the threats and how to prevent them, the success of these worms would be significantly reduced.
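Because these worms depend on a user opening a received file and only desktop-level controls see IM transfers, a client-side check on each incoming file is the practical place to intervene. The following Python sketch is an added example, not code from the original article or from any antivirus product; the function names, extension sets and sample transfers are assumptions constructed for illustration, and the check complements signature scanning rather than replacing it.

```python
import os

# Leading bytes that mark content the operating system can execute.
EXECUTABLE_MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}
# Constructed, non-exhaustive extension sets for this example.
PASSIVE_EXTENSIONS = {".jpg", ".gif", ".txt", ".doc", ".mp3"}
RUNNABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}


def sniff_executable(head: bytes):
    """Return a label if the first bytes identify executable content."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    return None


def screen_transfer(filename: str, head: bytes) -> dict:
    """Return the action ('quarantine' or 'scan') for one incoming IM file."""
    reasons = []
    # The sender controls the name: strip any path and normalise case.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    stem, ext = os.path.splitext(name)
    kind = sniff_executable(head)
    if kind:
        reasons.append(f"content is {kind}")
    if ext in RUNNABLE_EXTENSIONS:
        reasons.append(f"runnable extension {ext}")
    if kind and ext in PASSIVE_EXTENSIONS:
        reasons.append(f"content does not match extension {ext}")
    inner = os.path.splitext(stem)[1]
    if inner in PASSIVE_EXTENSIONS and ext in RUNNABLE_EXTENSIONS:
        reasons.append(f"double extension {inner}{ext}")
    # 'scan' hands the file to the desktop antivirus scanner as usual.
    return {"action": "quarantine" if reasons else "scan", "reasons": reasons}


# Constructed sample transfers: (offered filename, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),
    ("holiday.jpg.exe", b"MZ\x90\x00"),
    ("notes.txt", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(fname, screen_transfer(fname, head))
```

Files that pass this screen still go to the desktop scanner; the screen only holds back content that would run if the recipient opened it.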
Backdoor Trojan Horses