Instant Messaging Vulnerabilities - Continued
Combine the two and you have an unmatched platform for infecting computers and spreading malware: you have the connection, you have the scripting, and you have the contact list. What more could an attacker want? Nothing. Plainly nothing.
Let me take you back a few years to the infamous "Love Letter" virus, which spread across the Internet in a very short time: it exploited weaknesses in the e-mail client, it relied on the client's scripting support (it arrived as a Visual Basic Script attachment), and it spread by mailing itself to every address in the user's contact list. With IM the problem is worse, because IM clients are always online and always connected, so malware spreads even faster.
And if that is not enough, consider the unencrypted data flying around everywhere: what if an attacker listens in at the server, or anywhere on the path, rather than at the clients? Every conversation is readable there.
Considering all of the above, it is no surprise that corporate IT staff try to block IM traffic on the network. A compromise of a single client can take down the whole network.
What is worse, IT staff are seriously hampered by what the IM programs can do. These programs are designed with firewalls in mind and have everything they need to get around firewall rules: they do not rely on a single server, they have many, and they have every means of hiding what they are.
Let's take an example. Suppose that the program MyChat needs to connect to the server mychat.myserver.com on port 9190 to operate, and suppose the network administrator blocks connections to mychat.myserver.com on port 9190. The client will immediately try mychat1.myserver.com on port 9191. If that one is blocked too, it will try mychat2.myserver.com on port 9192. If the administrator blocks all of those ports, MyChat will connect to port 80, the port that HTTP runs on: blocking port 80 means blocking the Web. And it will not identify itself as an IM client; it will make the request looking like an ordinary web browser, so a filter that only looks at ports and hostnames sees nothing but web traffic.
Still not enough: IM programs allow file sharing, that is, a user can send a file to another user. What if the file is infected? What if it is so large that the transfer puts a considerable load on the network? What if it contains critical information about the company?
This brings us to another point: the security of corporate data. IM clients make fast connections and can easily be used to send files to outsiders. Using IM inside the company is very useful (if done properly), but network administrators must not forget that the conversations travel over an IM network shared with people outside the company, and since the traffic is unencrypted, anyone who can observe it on the path or at the servers can read it. Now we have another serious problem.
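To make the port-hopping and HTTP-disguise behaviour concrete, here is an added example (not code from the original article, and MyChat, myserver.com, the port numbers and the firewall log lines are all constructed for illustration). It models the fallback sequence the client walks through, builds the browser-looking HTTP request it ends up sending on port 80, and then shows the detection side: a scan over firewall log lines that flags a source which is denied on several non-web ports under one domain and then succeeds on port 80 to that same domain.

```python
"""Port-hopping IM client fallback and a firewall-log detector for it.

Added example. The client name, domain, ports and the log lines below are
constructed for illustration and do not describe any real product."""

from collections import defaultdict

IM_DOMAIN = "myserver.com"   # assumed provider domain for the hypothetical MyChat
PRIMARY_PORT = 9190          # assumed native MyChat port
MAX_HOPS = 3                 # native attempts before falling back to HTTP


def fallback_plan(domain=IM_DOMAIN, base_port=PRIMARY_PORT, hops=MAX_HOPS):
    """Return the connection attempts, in order, that the client makes when the
    previous one is blocked: mychat:9190, mychat1:9191, mychat2:9192, and
    finally port 80 dressed up as ordinary HTTP."""
    plan = [("mychat." + domain, base_port, "native")]
    for i in range(1, hops):
        plan.append((f"mychat{i}.{domain}", base_port + i, "native"))
    plan.append(("mychat." + domain, 80, "http"))
    return plan


def http_disguise(host, payload):
    """Wrap an IM message in a POST that looks like a browser form submission.
    The User-Agent is a browser string, not an IM identity, so a filter that
    only checks port and hostname lets it through."""
    headers = [
        "POST /chat HTTP/1.1",
        f"Host: {host}",
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(payload)}",
        "", "",                       # blank line terminates the header block
    ]
    return "\r\n".join(headers).encode() + payload


# Constructed firewall log lines (not from any real device):
# <time> <action> src=<ip> dst=<host> dport=<port>
SAMPLE_LOG = """\
10:00:01 DENY src=10.0.0.7 dst=mychat.myserver.com dport=9190
10:00:02 DENY src=10.0.0.7 dst=mychat1.myserver.com dport=9191
10:00:03 DENY src=10.0.0.7 dst=mychat2.myserver.com dport=9192
10:00:04 ALLOW src=10.0.0.7 dst=mychat.myserver.com dport=80
10:00:05 ALLOW src=10.0.0.9 dst=www.example.com dport=80
10:00:06 DENY src=10.0.0.9 dst=www.example.com dport=443
"""

WEB_PORTS = (80, 443)


def parse_line(line):
    """Parse one log line of the constructed format into a dict."""
    time, action = line.split()[:2]
    fields = dict(tok.split("=", 1) for tok in line.split()[2:])
    return {"time": time, "action": action, "src": fields["src"],
            "dst": fields["dst"], "dport": int(fields["dport"])}


def registrable_domain(host):
    """Crude last-two-labels domain; good enough for the sample hostnames."""
    return ".".join(host.rsplit(".", 2)[-2:])


def detect_port_hopping(log_text, min_denies=2):
    """Flag (src, domain) pairs that are denied on at least min_denies distinct
    non-web ports under one domain and are then allowed to a web port on the
    same domain: the signature of the fallback sequence described in the text.
    Order matters: the denies must precede the web ALLOW."""
    state = defaultdict(lambda: {"denied_ports": set(), "web_after_denies": False})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        e = parse_line(raw)
        key = (e["src"], registrable_domain(e["dst"]))
        if e["action"] == "DENY" and e["dport"] not in WEB_PORTS:
            state[key]["denied_ports"].add(e["dport"])
        elif (e["action"] == "ALLOW" and e["dport"] in WEB_PORTS
              and len(state[key]["denied_ports"]) >= min_denies):
            state[key]["web_after_denies"] = True
    return sorted(k for k, v in state.items() if v["web_after_denies"])


if __name__ == "__main__":
    for host, port, transport in fallback_plan():
        print(f"try {host}:{port} ({transport})")
    print(http_disguise("mychat.myserver.com", b"hello").decode())
    print("port-hopping suspects:", detect_port_hopping(SAMPLE_LOG))
```

The detector deliberately keys on the registrable domain rather than the exact hostname, because the whole point of mychat1, mychat2 and so on is that the hostname changes on every hop while the provider stays the same; a detector keyed on the full hostname would see three unrelated single denies and miss the pattern. Port 443 is treated as a web port too, since a client that can speak HTTP on 80 can just as easily speak HTTPS on 443, and deny-then-443 would otherwise look like a new "hop".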