Viruses AIM FOR IM

All major instant messaging packages let you limit or eliminate spim. But the settings that block it require you to make some trade-offs

Virus writers, scammers and spammers are plying their trade via instant messaging. Liane Cassavoy and Andrew Brandt identify the real threats and offer tips on avoiding them.

When it comes to viruses and worms, email gets all the attention. But now that instant messaging has infiltrated both home and office, it too has become an attractive and easy target for virus writers and spammers.

From 2002 to 2003, worms and viruses that spread via IM and peer-to-peer networks increased 400 percent, according to Symantec's Internet Security Threat Report. Already this year, we've seen the Jitux.A and Bizex worms targeting MSN Messenger and ICQ, respectively.

Jitux.A spread itself by tapping users' IM contacts, but Bizex had more malicious intent - it sent you a link to a Web site that scanned your PC for data on your electronic payments and finances. The site was quickly shut down once the worm was discovered, but no one is sure how much data was collected before then.

Expect the threats to continue. As users get more adept at stopping traditional attacks, virus writers will look for softer targets, says Bill Adler, president of CyberScrub, a PC security software vendor. "Instant messaging, for many reasons, is a softer target," he states.

Be on guard

But don't scrap your IM client just yet. Most IM viruses and worms can't propagate automatically - they require you to click a link or download an applet. You can therefore avoid many of the threats if you practice safe computing. See Chat protection on page 38 for tips on keeping yourself and your data safe.

A prime example is the Osama Found game, which circulated rapidly via AOL Instant Messenger earlier this year. It spread by sending a link to AIM users, inviting them to download a game in which they could pretend to catch Bin Laden. Users who clicked through got the game as well as BuddyLinks, a program that grabbed all of the user's IM contacts and sent them the same message.

The very nature of instant messaging - its informality and immediacy - worsens the danger from worms, viruses and other malware. "People tend to let their guard down when it comes to instant messaging, while we have a much more healthy scepticism when it comes to email," explains Bryson Gordon, a senior manager with McAfee security consumer division.

Closed networks

But the most popular IM clients such as AIM and Yahoo Messenger work through closed networks, meaning that users can communicate only with others on the same service. In order to exchange messages with people on multiple networks, you need to run one of the less widely used third-party clients such as Trillian (www.trillian.cc).

"People tend to let their guard down when it comes to instant messaging, while we have a much more healthy scepticism when it comes to email"

- Bryson Gordon, senior manager, McAfee security consumer division

That lack of interoperability may be annoying, but it also helps to curtail the spread of viruses and makes IM a less appealing target than email. And unlike Internet Explorer or Windows, IM applications - at least so far - have fewer published holes through which viruses and worms can spread without a victim's aid.

Antivirus and security software vendors have extended protection coverage to IM. For example, Zone Labs, maker of the popular ZoneAlarm firewall, last year released IMSecure (free for personal use, plus IMSecure Pro version is also available for $29.95) a program that encrypts messages and blocks potentially hazardous URLs.

Symantec's Norton Antivirus includes instant message scanning and McAfee added the same feature to VirusScan 8.0. Both of these programs promise to remove viruses from files received via IM and to protect against viruses that may be downloaded through URLs or links received in messages. And here's some more good news. In informal tests of several antivirus and security applications - with or without special IM components - all caught known viruses sent via AIM.

Chat Protection

To prevent infection, keep your instant messenger client updated and follow these tips:

  • Be wary of files sent via IM, especially those with EXE and SCR extensions or ones purporting to be games. For best protection, verify with senders before opening.
  • Never click an unsolicited link fed via IM, or one lurking in another member's profile or away message.
  • Check your antivirus company's home page or a general virus site such as http://antivirus.about.com for news on current threats.
  • Evaluate your protection with the antivirus test at Eicar.org.
  • Upgrade employees' IM clients. Lotus offers its own secure IM program while AOL, Microsoft and Yahoo have paid, corporate IM services with built-in security.

Trust no one

No antivirus program or firewall - both considered must-haves for every PC user - can prevent all virus attacks. Your vigilance remains your best defence. Oliver Friedrichs, a senior manager at Symantec Security Response, says "These threats are [only] successful because people continue to trust content that they receive."

Here come the spimmers

With spam filters improving and some internet providers taking legal action against spammers, a growing number of junk mailers are turning to instant messaging to get the word out about their sleazy wares. This year, spim (spam over IM) messages will number about two billion - four times last year's total, according to David Ferris, president of research company Ferris Research.

Many spim messages tout pornography or fast-money schemes and include a link to a website. Following that link can trigger an avalanche of other privacy and security problems. You may get swamped with pop-up ads or spyware and Trojan horse apps may install themselves on your PC. And spim can be even more intrusive than spam. Just like a regular IM message, spim can pop up in a chat window on top of whatever you're working on at the time.

The increase in IM spam will come about due to much greater use of IM among businesses and a rapid increase in published IM names in corporate and public directories, according to US-based research firm Radicati Group.

The overall business IM market grew by 130 percent worldwide from 2002 to 2003 and will grow a further 85 percent from 2003 to 2004, according to Ferris Research. By 2007 the overall business IM market will increase to 182 million users, representing a compound annual growth rate of 79 per cent.

Fortunately, all major instant messaging packages let you limit or eliminate spim. But the settings that block it require you to make some trade-offs - for example, messages from people not on your contact list will be blocked. You can still add users to your buddy list, but it takes a few more mouse clicks. It's a good idea to add to your list everyone you think you may want to communicate with, before you implement the following tips.

  • AOL Instant Messenger: Press the <F3> key (or click My AIM, Edit Options, Edit Preferences) to open the Preferences window. Select Privacy in the lefthand pane and then, under the "Who Can Contact Me" header, choose the option entitled Allow only users on my buddy list.
  • Yahoo Messenger: Click the Login menu and choose Preferences. Select the Privacy item in the lefthand pane of the Yahoo Messenger Preferences window and choose the option entitled Ignore anyone who is not on my Friend list. To prevent spim through Yahoo's web interface, head to the "When people see my ID on Yahoo websites" section and choose the option called Do not allow users to see me online and contact me.
  • MSN Messenger: Once you're logged in, click Tools, Options and then select the Privacy tab. Check the box entitled Only people on my Allow List can see my status and send me messages. The Privacy tab also has controls for adding or removing people on the Allow List, as well as a button that lets you see which other MSN Messenger users have added you to their contact list.
  • ICQ: Click the Main button and select Security and Privacy Permissions then Communication Events in the lefthand pane. Fill in the radio buttons under either the yellow checkmark icon (which limits these actions to users on your contact list) or the red X icon (which prevents anyone from sending you these things). Click Spam Control in the lefthand pane, fill in all the checkboxes in the righthand pane and choose All users next to the item labelled "Do not accept multirecipient messages from".

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?