Malicious threats and vulnerabilities in instant messaging

Eric Chien Symantec
Neal Hindocha Symantec

Malicious threats and vulnerabilities in instant messaging

Instant messaging is an up-and-coming threat as a carrier for malware. More and more people are using instant messaging, both for personal and business reasons. Instant messaging networks provide the ability not only to transfer text messages, but also transfer files. Consequently, instant messengers can transfer worms and other malware.

Furthermore, multiple vulnerabilities have been discovered and have yet to be discovered in instant messaging clients. Such vulnerabilities not only give hackers remote access, but also provide access to fast spreading blended threats. Current blended threats are limited by their ability to find vulnerable hosts, but with instant messaging buddy lists, finding vulnerable hosts becomes significantly easier resulting in a blended threat that may propagate faster than Code Red and Slammer.

This paper will discuss current and future threats to the various instant-messaging networks including how the major instant messaging networks operate. We will also demonstrate a variety of live attacks against instant messaging including hijacking and monitoring entire instant messaging sessions, unauthorized remote access and control, and blended threat and classic worm propagation.

Finally, current and future solutions will be discussed for the various threats including how a company can secure instant messaging communication.  digg this! digg this

Quick Links

Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 23 comments


VB2014 VB2014 will take place 24 - 26 September 2014 at the Westin Seattle hotel, Seattle, WA, USA.

Virus Bulletin currently has 231,301 registered users.