Malicious threats and vulnerabilities in instant messaging

Eric Chien Symantec
Neal Hindocha Symantec

Malicious threats and vulnerabilities in instant messaging

Instant messaging is an up-and-coming threat as a carrier for malware. More and more people are using instant messaging, both for personal and business reasons. Instant messaging networks provide the ability not only to transfer text messages, but also transfer files. Consequently, instant messengers can transfer worms and other malware.

Furthermore, multiple vulnerabilities have been discovered and have yet to be discovered in instant messaging clients. Such vulnerabilities not only give hackers remote access, but also provide access to fast spreading blended threats. Current blended threats are limited by their ability to find vulnerable hosts, but with instant messaging buddy lists, finding vulnerable hosts becomes significantly easier resulting in a blended threat that may propagate faster than Code Red and Slammer.

This paper will discuss current and future threats to the various instant-messaging networks including how the major instant messaging networks operate. We will also demonstrate a variety of live attacks against instant messaging including hijacking and monitoring entire instant messaging sessions, unauthorized remote access and control, and blended threat and classic worm propagation.

Finally, current and future solutions will be discussed for the various threats including how a company can secure instant messaging communication.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

Virus Bulletin
In this month's magazine:
  • VBSpam comparative review March 2014
  • VB100 comparative review on Ubuntu Server 12.04LTS
  • The shape of things to come
  • Threat intelligence sharing: tying one hand behind our backs
  • The curse of Necurs, part 1
  • More fast or more dirty?
  • Tofsee botnet
  • Back to VBA
  • Is the security industry up to the new challenges to come?
  • Greetz from academe: No place to Hyde
Virus Bulletin 04 2014
Subscribe now!

Virus Bulletin currently has 231,336 registered users.