It Doesn’t Hurt to Ask

Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy.

If a virus infects the instant messaging program on your friend’s computer, it can “type” anything into the chat windows, and it will look like your friend said it. It can provide a link for you to click that may lead you to malicious software.

Recently I opened a chat with a friend in Viet Nam. In a few seconds I got a link I was not expecting. Most users would have simply clicked on the link believing that their friend sent it to them.

I asked my friend “Did you send me this link?” When she said no, then I helped her to disinfect her computer! I knew not to click on the link.

The most effective way to keep from being infected by IM is to ask! Ask now, click later, not the other way around. It is one thing if I am chatting and the link I am sent makes sense in the context of an existing conversation, but if I simply get an unexpected link, I will always ask the sender if they actually sent it to me. There are no exceptions.

There is one other precaution you should take. With Windows Live Messenger, if you go into the “Tools” menu and then select “Options”, the “File Transfer” tab lets you choose a setting that automatically rejects transfers of known unsafe file types. This prevents Windows Live Messenger from downloading most malicious software. You can still be tricked into following a link and downloading malware from your browser though, so ask!!!

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Fred Edstrøm

    Hello! Have you heard about a keylogger with the name Goldeneye? Do you have some experience with this, or maybe Nod32 takes care of it?

    Tried to reach the Norwegian Nod32 office, but the phone number they had doesn’t work anymore: +47 23 17 26 00

    Best Regards from

    Fred Edstrøm
    Norway

  • http://www.k7computing.com AJ

    I wonder whether even then you would escape, if the IM bot is clever enough. You’re making two assumptions. One is that your friend isn’t the victim of social engineering and is actually sending you the link to a maliciously compromised site – this would be rather like the typical email borne worms, where the user must download the attachment and run it. In this case the link would come through IM, take the user to a site that they enjoyed the content of, and then asked them if they wanted to send the link to all their online friends.
    The second is that the sending bot could be ‘smart’ enough to reply to your query and say yes.
    Of course, there’s also the possibility that your friend is malicious, but just because I’m paranoid doesn’t mean they’re not out to get you ;-)

    A

  • Randy Abrams

    If I relied exclusively upon the response in the IM environment, then the scenarios you present could be effective. There is no silver bullet. Trying to validate transfers in IM or email is just one layer of defense. It can be a highly effective layer, but obviously cannot be assumed to protect 100% of the time. Still, that a solution is not perfect does not render it useless.

    In my case, if a link that didn’t make sense in the context of the conversation was sent, in addition to asking if the sender meant to send the link, I would ask why. I would try to understand the context. Then I would also have anti-virus software in place, and if I decided to click the link it would be sandboxed to limit damage.

    Randy Abrams
    Director of Technical Education

  • http://www.smallblue-greenworld.co.uk David

    Hello, Fred.

    I don’t have a number for an ESET office in Norway. I think you need one of the contact points/numbers/email addresses at http://www.esetscandinavia.com/company/contact/.

    David Harley
    Malware Intelligence Team

  • Kresirys

    Hi, David Harley:
    Did you hear about “In-the-cloud” technology?

    For example:
    Panda’s called “Collective Intelligence”, McAfee’s called “Artemis” and Symantec’s called “Norton Community Watch”.

    In the latest AV-Test result, all of the above with 2009 products had a better detection rate and faster response time than the 2008s.

    Will ESET develop similar technology?

    Or just keep using your positive technology for hundreds of years?

  • http://www.smallblue-greenworld.co.uk David

    ESET does use “in-the-cloud” technology, though not in the exact same, limited sense that AV companies tend to use the term right now. Our product range is continuously reviewed and updated. I can’t tell you exactly what changes are in the pipeline (I don’t know all of them), but we won’t be standing still.

    David Harley
    Malware Intelligence Team

Copyright © 2014 ESET, All Rights Reserved.