Kaspersky Lab announces the publication of the analytical article “‘Instant’ Threats”

27 May 2008
Virus News

Kaspersky Lab, a leading developer of secure content management solutions, has published “‘Instant’ Threats” by Denis Maslennikov and Boris Yampolsky, two of the company’s virus analysts. The article analyzes the spread of malware via instant messengers.

Instant messaging programs are very attractive to malicious users of all kinds, and because of this the problem of malware distribution via IM clients is a serious one. New versions of IM clients contain as yet unknown vulnerabilities, which can be identified first by hackers and only afterwards by program developers. Such situations can easily lead to mass epidemics. Some users are also extremely tired of getting unwanted messages (IM spam).

The article uses the example of ICQ – a popular IM client in many countries – to demonstrate the most widespread types of attack used by cybercriminals against instant messengers.

The widespread theft of ICQ numbers using various malicious programs – primarily, the Trojan-PSW.Win32.LdPinch family – has posed a threat to users for several years now. LdPinch steals passwords not only for ICQ and other IM clients but also for email accounts, various FTP programs, online games, etc.

ICQ is used most commonly to spread the following malware: IM worms that use the client as a base for self-propagation; Trojan programs for stealing passwords, including those for ICQ numbers (in the vast majority of cases, it is Trojan-PSW.Win32.LdPinch); and malicious programs created to fraudulently obtain money from users (e.g., Hoax.Win32.*.*).

While IM worms usually spread with little or no help from the user, in the other cases cybercriminals use a variety of social engineering ploys to provoke a potential victim into clicking on a link and, if the link downloads a malicious program, opening the file.

Sometimes the vulnerabilities that are exploited to carry out such attacks are present in the instant messaging programs themselves. In many cases these vulnerabilities can lead to a buffer overflow and the execution of arbitrary code on a system, or enable remote access to a computer without the knowledge or consent of the owner.

The number of unwanted messages received by a user in any given period of time depends on the ICQ number. Users with six-digit UINs receive an average of 15 to 20 unwanted messages every hour. Users with unremarkable nine-digit numbers receive an average of 10 to 14 such messages every day, while users with 'attractive' numbers get 2 to 2.5 times more spam.

Currently, there are no methods or solutions designed specifically to protect IM clients. However, observing the simple rules of ‘computer hygiene’, and using a well-configured anti-spam bot combined with a healthy dose of common sense can help users enjoy worry-free chat via the Internet.

The full version of the article “‘Instant’ Threats” can be found at www.viruslist.com.