IM users warned to beware of intruders

Tens of thousands of people have reportedly been tricked into downloading malicious software onto their computers from Internet Relay Chat (IRC) and instant messaging (IM), said an incident report released by the CERT Coordination Center at Carnegie Mellon University.

CERT, a Pittsburgh-based security research and information service, said the intruders then use the victims’ computers “as attack platforms for launching distributed denial-of-service attacks.”

The CERT advisory said the messages often warn users that they have already been infected with a virus and instruct them to go to a Web address and download a program to clean their machine or face being banned from the IRC or IM system they’re using.

“This is purely a social engineering attack since the user’s decision to download and run the software is the deciding factor in whether or not the attack is successful,” said the report, authored by Allen D. Householder, an Internet security analyst at CERT. “Although this activity is not novel, the technique is still effective, as evidenced by the reports of tens of thousands of systems being compromised in this manner.”

CERT warned that once a system has been compromised, attackers may be able to:

— Exercise remote control

— Expose confidential data

— Install other malicious software

— Change or delete files

Dulles, Va.-based American Online Inc., which has more than 100 million registered users of IM sending 1.3 billion messages daily, said it was aware of the CERT warning and urged all of its members to use common sense and skepticism when chatting with others on the Web.

If a message ever “appears from out of the blue” warning a user of a threat, such as those cited in the CERT example, users should be skeptical, AOL spokesman Nicholas Graham said. Most people would question the credibility of a stranger calling on the phone asking for financial information, for instance, and they should carry that wariness to their online activities, he said.

“Never download files from strangers,” Graham said. “Online, know who you are dealing with. As for hyperlinks, the same also applies … don’t click on an unknown or strange link.”

Those sentiments are shared by CERT, which also recommends that home users have the latest version of antivirus software installed on their machines. Graham also said that home users should instruct their children in how to use the computer safely, noting that it makes no sense to take precautions just to have another user make a mistake.