Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy.
If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a link for you to click that may lead you to malicious software.
Recently I opened a chat with a friend in Viet Nam. In a few seconds I got a link I was not expecting. Most users would have simply clicked on the link believing that their friend sent it to them.
I asked my friend “Did you send me this link?” When she said no, then I helped her to disinfect her computer! I knew not to click on the link.
The most effective way to keep from being infected by IM is to ask! Ask now, click later, not the other way around. It is one thing if I am chatting and the link I am sent makes sense in the context of an existing conversation, but if I simply get an unexpected link, I will always ask the sender if they actually sent it to me. There are no exceptions.
There is one other precaution you should take. With Windows Live Messenger if you go into the “Tools” menu and then select “Options”, the “File Transfer tab lets you choose a setting that automatically rejects transfers of known unsafe file types. This prevents Windows Live Messenger from downloading most malicious software. You can still be tricked into following a link and downloading malware from your browser though, so ask!!!
Director of Technical Education
Author ESET Research, We Live Security