![]() Some send links to malicious code to all users on a victim's buddy list, while others post a link in the victim's profile which is likely to be clicked by that user's buddies. ![]() Several new worms and Trojans have taken advantage of IM networks to propagate. Other threats involve socially engineering users of IM clients. Some can even send their traffic over the default HTTP port 80, where packets are often less scrutinized by firewalls. In these instances, blocking traffic on the a client's default port is often not enough - most clients are programmed to try a number of different ports to send messages if one is blocked. Computers were vulnerable even when the the messenger was not even logged on to a network. An attacker could send another user a buddy icon whose "source" parameter contained more than 3000 characters, overflowing the stack and causing the computer to run arbitrary code. An older version of AIM, for example, made computers vulnerable to an attack through the Buddy Icon feature. IM applications open ports on computers that make them vulnerable to threats like buffer overflow attacks where attackers can exploit vulnerabilities in the software to take control of client computers. While most of the negative impacts of IM traffic on a network have to do with degraded performance through increased traffic, there are several more serious threats. While this type of communication can be useful, it can also damage productivity, increase network traffic, and open the network to a variety of threats that exploit client software vulnerabilities or socially engineer users to compromise network security. ![]() Most clients allow users to do more than send text messages to one another: they allow users to post links in profiles and messages, exchange voice and video content, and send trasfer files up to 10MB. These client include AOL Instant Messenger (AIM), Yahoo! Instant Messenger, MSN Messenger, and others. Instant Messaging is realtime chatting that users can participate in over the internet using a variety of messaging clients. This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent Instant Messaging based network traffic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |