Hackers are exploiting browser security flaws to hijack instant messaging (IM) accounts, security experts have warned.
When Microsoft decided to shut down its chat rooms for security reasons, it suggested IM as an alternative.
But although the company claims this method of chat is safer, hackers hav already exploited security holes in the Internet Explorer browser to hijack IM accounts, according to Drew Copley, a research engineer at eEye Digital Security, who discovered the original security vulnerability.
This could open a back door to unknown chatters as well as expose children to pornography from spammers.
Internet security firm Symantec said vulnerabilites have meant that attacks on IM and peer-to-peer sites have risen 400 per cent since 2002.
Using what are known as application programming interfaces (a set of routines, protocols, and tools for building software applications), hackers have developed worms or Trojans that can capture a remote user's list of IM correspondents, or 'buddies'.
By grabbing a user's buddy list rather than scanning for vulnerable IP addresses, these worms have the potential to be more virulent than predecessors like Code Red, Slammer or Blaster, which spread over the internet rather than over IM networks, warned Neal Hindocha of Symantec Security Response.
Usually the victim is led to a website, either by a distributing link through IM or via an email with a link to the webpage, which then automatically downloads a worm or trojan.
One program, according to security bulletin BugTraq, hijacks an already running AOL IM (AIM) account, changes the password and sends a message to the buddies list with a link to a malicious web page.
Another attack on users of AIM is being accomplished by sending them to a website where a trojan downloads an automated dialler. Users accessing the internet via dial-up accounts are then switched to premium rate porn numbers.
A similar worm that spreads through the Microsoft MSN Messenger system, according to South Korean antivirus company, Global Hauri. This attempts to connect to a porn website and also sends itself to names in the victim's contact list.
At the time of going to press neither AOL nor Microsoft had returned calls for comment.
source:
vnunet
