Instant Messaging - The next security threat

by Adam West | More from this Blogger

27 Apr 2006 04:00 PM

Instant messaging (IM) has become a very popular medium for communicating over the Internet. With so many available services like MSN Messenger, Yahoo! Messenger, and AOL Instant Messenger, it is no wonder why so many people are flocking to use the free software. Don't think that it's just teenagers and their friends using IM services either. Hackers and other would-be computer intruders are now using IM as a way to put viruses, worms, spyware, and other types of malicious software on your computer. In fact, IM is catching up to e-mail as one of the main sources of malicious computer attacks.

Contrary to popular belief, most IM programs are not very secure. They were not originally designed with all of the security features that come with other types of communication programs (e.g., email). Due to the initial lack of security, it is very easy for hackers to slip a fake link or virus into an instant message. While most IM companies have been addressing security flaws with their software, some individual users don't update the software or follow the necessary steps to keep their IM software safe.

College campuses have long been a popular place for IM. As such, university computer staffs around the United States have become involved in combating the security woes of IM. The University of Texas at Austin, for example, regularly updates students about the security dangers of IM and what they can do to protect their personal information. The screenshot below, from the University of Texas, shows an example of a fake instant message that contains a bogus link.

I want to pass on four ideas that the Information and Technology Services team at the University of Texas put together to help students, parents, and anyone who uses IM regularly. You can find the full article on the ITS page at the University of Texas.

Keep your IM password safe. Use a difficult to guess password (lots of random letters, numbers, and characters) and don't let the IM program "remember" your password or sign you in automatically to your account.

Watch incoming messages or file transfers. Unless you are expecting a message or file transfer, don't accept it. This is tricky because IM screen names are very easy for hackers to get a hold of and use. So you may receive a link from a screen name that is listed in your buddy list, but the link is bogus (see screenshot above).

Limit the use of personal and confidential information. IM conversations are often not private or encrypted, which means they are not changed so it becomes difficult for others to read them. If you really need to give out personal information to someone via IM, I recommend using another secure communication medium such as landline telephone or encrypted email.

Download security upgrades. Use automatic updates or regularly check your IM software company's Web site for updates. IM companies are becoming more active in keeping their software secure.

Learn more about Adam West

Adam is avid computer and electronics hobbyist. He and his young family call central Texas home. His love of the application of multimedia and electronics has lead him to Families.

View Full Profile | More from this Blogger

Aimee Amodio (11995) 28 Apr 2006 11:53 AM

So how do you know if an incoming file transfer or link is a fake? They're not really going to come from an address like "fakeoutsite.com"... so how can you tell?

And to stick up for instant messaging a little bit, if people are smart about using it, it's not OMG scary! It's another good way to keep in touch with friends and family. I'm a little concerned that by focusing only on the negatives, people might be scared away from using the services. (And anybody trying to hack into my IM conversations is going to find it incredibly boring!) :)

Adam West (382) 28 Apr 2006 01:02 PM

Thanks for your comments, Aimee. A good way to tell if an IM is fake is that you don't request or expect it from a friend and any links contained in it show a link to a URL that you don't recognize (e.g., link to a site in another country or with a funny looking URL).

Also, I too love IM. I just wanted to alert others to the fact that IM is not as safe as we may think. Even though conversations may be boring (mine are too), viruses and other malware that can harm your computer can easily be inserted into an IM by automated hacker systems. As long as we pay attention and keep our software updated, we shouldn't have any trouble with IM (I have yet to have any major mishaps).

Dean Householder (925) 19 May 2006 12:41 AM

I recommend using GAIM (http://gaim.sf.net) which is able to connect to AIM, MSN, Yahoo, Jabber, Google Talk and others. It is free, runs on any platform, doesn't have any ads or spyware, and can be used securely. There is a plugin called Gaim-Encryption (http://gaim-encryption.sf.net) which allows conversations to be encrypted so that if someone tries to capture the conversation, they only see giberish. I use it everyday!