The University of Texas at Austin

Security Awareness

Instant Messaging: It’s Convenient for Hackers Too!

Instant messaging (IM) might well be your preferred means of connecting with friends and classmates; as a real-time communication and collaboration tool, it’s probably very much a part of your everyday life. It is also a very appealing way for hackers to ply their trade. Instant messaging systems provide a wealth of opportunity for those who want to exploit IM’s lack of built–in security features, the “buddy list” of recipients, and the download attachment options that many people use without thinking. While e-mail is still a primary vector for spam, IM is so easy to exploit that it is a preferred method for launching new network viruses and  worms

Hey check out this amazing picture, LOL! You'll like it! - Instant Message Example

Think twice before clicking! IM messages like this one may look harmless, but could be masking a hostile virus or worm. Clicking an unexpected link or attachment may open the door to viruses, worms, or other malicious threats.

The Information Security Office (ISO) at UT Austin warns that instant messaging is the initial point of entry for most of the recent viruses and worms showing up on campus. Hackers find it easy to plant viruses, spyware, phishing scams, and a wide variety of worms in instant messages. According to an Internet Security Threat Report from Symantec Corporation, IM and peer-to-peer technology have played a significant role in the rapid increase in cyber security threats over the past several years. In fact, IM worms—because they are fast to propagate and mutate—are the weapon of choice for many cyber criminals whose intent is to do the greatest harm as quickly as possible.

Despite this gloom-and-doom scenario, you can battle such threats. Learning what you can about IM security hazards is a good starting point. For example, knowing that an incoming IM message with an attachment can contain a virus—even if the sender’s name is on your buddy or contact list—gives you the opportunity to verify offline if the attachment is real. Here are some additional tips to help you protect yourself when using IM:

    • Make sure that your IM account password is strong. Protect it by not allowing your IM program to “remember” your password or automatically sign in to your account.
    • Don’t automatically accept incoming messages or file transfers. File transfers are an easy way for hackers to launch virus attacks. Don’t accept the transfer unless you are expecting it.
    • Don’t discuss confidential information via IM or install an IM application on a computer containing confidential information. Don’t assume that your IM conversations are private or secure. Most IM programs are not encrypted; therefore, someone listening on the network can read vital personal information. Also, if a worm or virus entered your computer, your confidential information could be compromised.
    • Watch for and download security upgrades from IM companies. IM companies frequently address security flaws and provide solutions to their customers. Turn on automatic updates for your IM program and install them as soon as they are available.