Intruders Target Instant Messaging

Tens of thousands of people have reportedly been tricked into downloading malicious software onto their computers from Internet Relay Chat and Instant Messaging, according to an incident report released by the CERT Coordination Center at Carnegie Mellon University.

CERT, a Pittsburgh-based security research and information service, said the intruders then use the victims' computers "as attack platforms for launching distributed denial-of-service attacks." In a denial of service attack, a number of PCs are coopted--wothout their owners' knowledge--to help bombard a "target" Web site or network with requests, often disabling it through the sheer volume of requests.

The CERT advisory reported that the misleading messages on Internet Relay Chat (IRC) or Instant Messaging (IM) services often warn users whose computers are already infected with a virus. The bogus warning instructs them to go to a Web address and download a program to clean their machine or face being banned from the IRC or IM system they're using.

"This is purely a social engineering attack, since the user's decision to download and run the software is the deciding factor in whether or not the attack is successful," said the report, authored by Allen D. Householder, an Internet security analyst at CERT. "Although this activity is not novel, the technique is still effective, as evidenced by the reports of tens of thousands of systems being compromised in this manner."

Dangerous Intruders

CERT warned that once a system has been compromised, attackers may be able to:

* Exercise remote control

* Expose confidential data

* Install other malicious software

* Change or delete files

American Online, whose more than 100 million registered AOL Instant Messenger (AIM) users send 1.3 billion messages daily, said it is aware of the CERT warning. AOL urges all of its members to use common sense and skepticism when chatting with others on the Web.

If a message ever "appears from out of the blue" warning a user of a threat, such as those cited in the CERT example, users should be skeptical, AOL spokesperson Nicholas Graham said. Most people would question the credibility of a stranger calling on the phone asking for financial information, for instance, and they should exercise that same level of wariness in their online activities, he said.

"Never download files from strangers," Graham said. "Online, know who you are dealing with. As for hyperlinks, the same also applies ... don't click on an unknown or strange link."

CERT shares those sentiments and also recommends that home users make sure they have the latest version of antivirus software installed on their machines. Graham also said that home users should instruct their children in how to use the computer safely, since it makes no sense to take precautions just to have another user make a mistake.