NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0398 Instant Messaging Attacks Get More Sophisticated and
Dangerous:
Attacks via instant messaging (IM) systems have continued to
increase in sophistication and are becoming more dangerous, according to
security vendor Akonix. The company tracked fourteen new attacks on IM systems
in January 2008, finding that, while the number of atttacks had improved in
their ability to target users. IM attacks are a relatively recent phenomenon,
but the numbers have risen sharply in recent months. In July 2007, Akonix said
the number of threats over the past twelve months was up 78% from the previous
year.
New IM worms identified in January include
"MSNChristmas," "MSNVB,""Perin," and
"Raiodin." One of the worst in the group, Perin, spreads via a link
to contacts on MSN and AIM networks and installs a backdoor server on infected
computers.
Over the past year, multi-stage IM attacks have begun
surfacing that deliver malicious code, which, in turn, downloads other code.
Another trend is two-stage attacks, where the second stage is the downloading of
a Trojan that waits for users to log into specific banking sites to activate a
key-logging program.
In addition, there are multi-vector attacks where a malicious
URL may be delivered by IM but propagated using e-mail or come in via e-mail
and go out over IM. Attacks focused on consumer services AOL, MSN, and Yahoo
are beginning to span networks, according to Akonix.
(TechWorld.com 30JAN08)