Instant Messaging

Keep children safe when using IM

Instant Messaging (IM) is rapidly increasing in use as a standard form of communication. It allows instant communication amongst friends and family, and is especially popular amongst young persons. The benefit is that you can see if someone is online and available to talk to you. If you add in webcams and file sharing programs you can see why it is so popular. You can also start up a conversation from the point you left it at and conduct other tasks without appearing rude to the other person!

The ease of IM also means that there are a number of dangers to look out for. Your children can be involved in a conversation that is hard to monitor, and with a stranger who may not be who they say they are. IM can make you susceptible to other threats like worms and virus’ as well as social engineering to try and induce you to give out personal details and information.

IM and cyber crime

IM is also an increasingly popular way for cyber criminals to distribute worms, viruses, and Trojans, and to commit fraud. Hackers like to target IM because they can use network ports that are already open for the IM client instead of having to open suspicious new ports. Cyber criminals exploit IM’s user-friendly features and find potential victims simply by choosing from an updated directory of buddy lists. The cyber criminals also receive a notification each time their victims’ computers are online.

Today, sophisticated multi-faceted attacks are launched through IM as frequently as they are through email. Hackers exploit operating system and browser vulnerabilities to deliver malicious software (malware) like Trojan key loggers and screen scrapers that steal personal information, and to turn PCs into hijacked “zombies” used to commit crimes.

Password-stealing Trojans allow criminals to pilfer a user’s logon information and impersonate them using a man-in-the-middle attack. If the IM protocols don’t encrypt network traffic, the hacker can slip messages into an existing IM chat session and pretend to be the victim, causing embarrassment and the opportunity for fraud.

A hacker can also cause a Denial of Service (DoS) attack on an IM client by flooding a particular user with a large number of messages to slow down or crash their machine. Most IM clients protect against DoS attacks by allowing the victim to ignore certain users; but in the midst of an attack, it may be hard to get out from under the flood of messages to ban the sender.

Top 10 ways to defend against IM threats

Consumers can protect themselves from viruses, worms, and Trojans delivered through IM. By following some basic rules, it’s easy to keep these threats from slowing you down.

  • Choose your screen name carefully. Don’t use your real name, email address, or other personally identifiable information.
  • Only share your screen name with people you trust, and ask them to keep it private. Only communicate with people on your contact or buddy list. To prevent “spim” (IM spam), use settings to block messages from people you don’t know.
  • Don’t display your screen name or email address in public places such as Internet directories or personal profiles. Some IM services link your screen name to your email address when you register. Consider setting up a secondary email account if this is the case, since your address could be harvested for phishing attacks.
  • Never provide private information like account numbers or passwords in an IM conversation. Network sniffers can intercept unencrypted IM traffic. Anti-virus software and a firewall will protect you from Trojans and viruses, but cannot protect your information once it leaves your PC.
  • Fortify your computer with strong security software and keep it up to date. The McAfee Internet Security Suite for Sky Broadband customers guarantees trusted PC protection from viruses, hackers and spyware. Its cutting-edge features include X-Ray for Windows, which detects and kills rootkits and other malicious applications that hide from anti-virus programs. Its integrated anti-virus, anti-spam, anti-spyware, anti-phishing, firewall, and backup technologies work together to combat today’s sophisticated, multi-pronged attacks.
  • Configure your IM application correctly. Make sure it does not open automatically when you fire up your computer. Turn off your computer and disconnect the DSL or modem line when you’re not using it.
  • Enable automatic Windows updates, or download Microsoft updates regularly, to keep your operating system patched against known vulnerabilities. Install patches from other software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan and spyware installation.
  • Configure your anti-virus software to automatically scan all email and IM attachments and downloaded files. Never open attachments from people you don’t know. If you know the sender, contact them to confirm the file is trustworthy. Beware of spam-based phishing schemes – don’t click on links in emails or instant messages.
  • Be careful when using P2P file sharing with IM. Trojans sit within file sharing programs waiting to be downloaded. Avoid files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd. Configure your file settings to limit the folders that other users can access.
  • Monitor and limit your children’s use of IM. Put the computer in a high traffic family area and limit nighttime use.

Read Morehere