29th November 2010 – A few days ago, an unnamed computer worm forced Microsoft to temporarily suspend active links in its Live Messenger 2009 to prevent the aggressive instant messaging (IM) worm spreading. Instant messaging is a very effective way for malware to stay active and thrive. As time progresses, cybercriminals are refining their techniques to lure potential victims to visit malicious hyperlinks.
Mark James, technical manager at ESET UK comments, “This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all. For example, the AimVen worm was discovered in 2003 and was targeting the America Online Instant Messenger platform,”
James continues, “The modus operandi for this type of attack is simple. First the victim receives a message that contains a hyperlink from one of their contacts, clicks on it and gets infected. The worm can also use geo-localisation in order to use the victim’s language and even relate to news or events trending in the victim’s country. These advanced techniques may trick even the most cautious users.
ESET has compiled seven golden security rules while instant messaging:
1. Opening pictures, downloading files or clicking links should be avoided at all cost in case it comes from someone you do not know. Do not open suspicious files or links even if they come for someone you know; try to confirm with the person on the origin of the attachment.
2. Do not reply to messages from people you don’t know if you were not expecting them. If someone you do not recognise sends you a request to add him/her to your contacts, decline the request if not sure about the identity of the contact.
3. Unwanted messages ought to be blocked – blocking spam or messages from strangers might be easier than you think – most IM software allows you to create your own contact list.
4. Do not post sensitive information and private data in instant messages, especially refrain from sharing credit card numbers, banking details, passwords or important personal identification data like phone number or addresses. You should also avoid sharing information about your IM name or e-mail contact over the Internet.
5. Your Instant Messaging should also have as strong a password as any other account. Always use different passwords for different accounts and other online services (such as online banking, e-mail). Do not recycle your password. If you log in on public or shared computer, make sure to uncheck the automatic login feature.
6. Avoid meeting strangers that you have met online while instant messaging. If you decide to meet someone in real person anyway, take safety precautions – bring someone along with you.
7. Turn off your Web camera if you are not using it, as some malware allows criminals and strangers to spy on you through your own webcam. If you have an integrated camera, always check the control light that it is off when you are not using it.