Messenger has replaced almost all of my once common email with friends, family, and some co-workers. So far IM has been pretty safe from attackers. I’m getting a bit concerned though.
Last month, the Bropia trojan started making the rounds. It appears that once a machine is infected it messages all the contacts a trojan file via Messenger. Security analysts warn people not to accept files via IM unless they are expecting them. That’s a good idea. “Education” has worked well to limit the impact of email trojans and for the near term it’ll probably work reasonably well with IM trojans too. But I wouldn’t count on this lasting long.
The problem is that IM is not like email. The conversations are often terse and users are often multi-tasking so it doesn’t take much to conceive of getting tripped up.
“Just don’t click on an unexpected file,” is the advice today. Uh, but what if you were just talking with the person? Or at least what you thought was a person on the other end? How hard will it be to synthesize an IM conversation or to appended a trojan message to the current conversation? Makes me wonder.
If the “virus” writers have their way and no additional safegaurds are put in place, I’m guessing that in the not too distant future we’ll be suggesting to everyone not to click on any IM’ed file.