Pin Me

Introduction to IM (Instant Messaging) Threats

written by: Ashwin Satyanarayana•edited by: Ronda Bowen•updated: 7/4/2011

Internet Messaging happens to be a popular means to chat with someone, no matter where this someone is located. But did you ever stop to think that when this communication is being done from within a company, it could be a huge, crippling, enterprise risk? See how IM Threats work

  • slide 1 of 2

    How Dangerous are IM's?

    Internet messengers have a plausible advantage over email when it comes to communication: the possibility of communicating real time. Internet messaging is now the communication protocol of choice for lots of companies through-out the world and they have even gone “ Open to Public”. However, communicating over the IM has a lot more concerns than the evident advantages. For instance, IM is one bare-all way to communicate and is ultra-vulnerable to security attacks.

    As more and more people begin to use Internet messaging, the more the chances are the security threats can proliferate. For email, Internet Browsing and lot of other functions, users have begun to understand the complications involved in Internet Security and have started taking necessary steps towards the same, but the Internet Messaging arena has been left mostly abandoned.

    Furthermore, IM is not just about PCs and Laptops – the plethora of options available today include other mobile devices like netbooks, PDAs, Blackberrys and smart phones. When to comes to company specific problems, we have employees leaking out company data through casual text chatting off these Internet Messaging platforms. These Internet Messengers are also used for impersonation attacks, Identity thefts and social engineering attacks.

    One instance of vulnerability of an Instant Messenger is the fact that no communication session on an Instant Messenger is ever encrypted. The communication session is entirely carried out using simple text messages which are just as open to tap into as a public telephone booth is. That literally means that the evil guys out there can simply snoop into your conversations. This is also called as 'Virtual Eavesdropping' or 'Sniffing'. Sometimes, even file transfers can be done in this manner which is an entirely another ball game altogether.

  • slide 2 of 2

    Spoofing & Javascript Threats

    IM systems are also vulnerable to “Spoofing”which is an act of impersonation by the attacker wherein the attacker pretends to be someone else while the victim has no idea about the impersonation. IM provides a lot of ground for such Impersonation attempts and this virtually goes unchecked.

    Another turbulent area when it comes to IM threats is the fact that some of the Instant Messaging Platforms allow Javascript and other such scripts to run so as to enhance the chatting experience on the messaging platforms; but this has another effect on the negative side. IM Systems that allow these scripting languages to run are more vulnerable to malicious attacks than those which provide none. These systems which have scripting languages also are more susceptible to virus attacks and worms.

    Since a lot of users – both individuals and also employees within companies – have no idea about the egregiousness of these attacks, virus writers have begun to target these IM platform to plant their malicious payloads.

    Instant Messenger threats have a very high threat level and can cause problems in the areas of Identity theft, business data loss, social engineering and corporate espionage and is something that must be looked out for, in the area of enterprise security.