IM Security

Instant messaging (IM) is becoming more popular as a means of transmitting viruses to your computer. To avoid virus infection via IM:

  • Avoid unknown or suspicious IM links.

  • If you doubt the validity of an IM link you received, ask for more information from the link's sender.

  • Do not install files or run programs via IM links. Instead, close any installation windows associated with the file or program, and ask the sender for the file's or program's URL so you can check its validity.

You can infect your computer with an AOL Instant Messenger (AIM) Trojan by clicking a link that the infection places in an AIM buddy's Away Message window. The link usually has a short text message such as "View my pictures at the beach!" or "See my valentines pictures!" (often accompanied by a smiley icon), or is a link such as "LOL: " Other messages may appear, but the common symptom is a link to a URL which, if you click it, downloads the virus. The exact URL changes as previous hosts get shut down.

Most AIM Trojans install Trojan files, spyware programs, and back doors. Back doors are system level compromises; a remote attacker can install software and run it on your computer without your knowledge. Commonly, these programs are mail relays for spreading spam, or zombie programs to make your computer a participant in a denial of service (DoS) attack. However, nothing stops an attacker from installing password- or keystroke-logging software, which can steal your bank or credit card PINs and compromise your computer accounts (e.g., email).

Information supplied courtesy of the Indiana University UITS Knowledge Base.