All articles licensed under a Creative Commons License.


Tuesday, November 01, 2005

Eweek's Instant Messaging special...

Well, hit the Eweek.com front page and they have a whole "IM Invasion" thing going on, and rightly so. It seems like the day isn't complete without some hot new installer working its way across your chat buddies and rox0ring their b0xorz. I've just finished up a bunch of press-type things, and the general feeling is that these things will continue to get suckier, as more dodgy characters decide to abandon more easily traceable methods of install in favour of the vast darkness of IM space and other locales off the beaten track.

Techworld.com seized upon something I said in passing, and they pretty much nailed it - "Frankenstein rootkit hits AIM users". All of these bundles we're seeing are (in a lot of cases) wildly cobbled together junkpiles, with an old exploit here, a customised piece of trickery there, and (now) using advertising software as some kind of crazy "decoy", to distract from whatever the real purpose of the install may be.

Over at Eweek.com, they ask if automated IM worms are on the way. Quote time:

"I've noticed over the past six months or so, the malware writers are moving away from the standard Web page drive-bys and finding new avenues to deliver the nasties. We've seen it with BitTorrent and we're seeing it more and more with IM," Boyd added.

Ah, prophecies of doom. Unfortunately, this isn't scaremongering - every time I look at an online news site thingy, first thing I'm likely to see is something about a grotty piece of junk marching across the planet via IM. Well, that and those stupid banner ads asking to click yes / no as to whether Britney is having a boy or a girl. Doh...

Is the only solution to simply cripple the ability to send people links in IM? I don't think so - though some companies have put similar methods in place, let's face it - one of the core functionalities of an IM system is the ability to send people stuff. If I use a client that starts throwing up box after box asking me "if I'm sure I want to click / send a link", I'm outta' there and using another system. Sad, but true - and I'm guessing huge chunks of users would also abandon ship.

An added problem is trying to differentiate good and bad links. There used to be a time when, if someone logged in and fired you a URL out of the blue on MSN, they were guaranteed to be infected with something. Not anymore - there are now genuine, risk-free "enhancement" applications for various IM clients that (as part of the deal for installing them) will have the end-user agree to shooting all their contacts a "hey use us we rock" message when they log in.

To complicate things further, these end-users had no problem with that, so who are we to tell them to can it? What if someone comes up with a valid use for auto-sending a URL? Unlikely, but you never know - what about a corny, yet useful, "message of the day" for your place of work?

Too many complications. Too many headaches to work out. But one thing is for certain, after crazy BitTorrent bundles, teenage hackers running riot in IM-space, fake Google toolbars popping up left, right and centre and now what is likely the first instance of a rootkit bundling with advertising software through AIM, we haven't even got started in this area yet.

What's next?

/ Edit - Well, this from the looks of it. This story just got Slashdotted twice in as many days. Blimey.

/ Edit - More links. The BBC, and PCWorld.

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.