Instant Messaging – Expressway for Identity Theft, Trojan Horses, Viruses, and Worms
By
Dee Scrip
By Dee Scrip ©All rights reserved
Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.
John Sakoda of IMlogic CTO and Vice President of Products stated that,
"IM viruses and worms are growing exponentially….Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise."
Because Instant Messaging operates on peer-to-peer (P2P) networks, it spawns an irresistible temptation for malicious computer hackers. P2P networks share files and operate on industry standard codec (encyrption codes) and industry standard protocols, which are publicly open and interpretable. Anti virus software does not incorporate protection for Instant Messaging services.
Like sharks in a feeding frenzy, these hacker mercenaries view Instant Messaging clients as their personal “Cash Cow” because of the ease by which they can access your computer via the publicly open and interpretable standards, unleash a Trojan horse, virus, or worm, as well as gather your personal and confidential information, and sell it to other depraved reprobates.
Please, don’t be naïve enough to think it won’t or couldn’t happen to you!
Want to see how easy it is for hackers to access your Instant Messaging chat and what can happen to you as a result?
Did you know that some hacker-friendly providers offer processor chips that can be bought on the Internet? (I guess it would be pretty hard to walk into a store and ask the clerk to help them find a processor chip that could be used to illegally hack into a victim’s computer for the sole purpose of spreading malicious code or stealing someone’s identity!)
Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their Trojan horses, viruses, and worms?
Hacker manuals are also conveniently accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the “command prompt” on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.
“Sniff” is a tool (originally intended to help telecommunication professionals detect and solve problems) that reprobate hackers use to tamper with the protocol and “sniff out” data. When hackers sniff out your IM data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on conversations, gather information, and sell it to other depraved criminal entities.
Don’t set yourself up to be the next Identity Theft Victim because you like to chat using Instant Messaging.
Identity theft is one of the most sinister of vulnerabilities you can inadvertently be subjected to. Identity theft is defined by the Department of Justice as
“…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.”
Identity theft is the by-product of hacker mercenaries obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc., from the Internet. You become a virtual “Cash Cow” for hackers as your information is then sold to other felons for financial gain. Using your information, these criminals then:
· access your bank account funds
· create new bank accounts with your information
· create driver’s licenses
· create passports
Attorney General Ashcroft stated that,
"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America's businesses.”
A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.
According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which
“…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.”
Trojan Horses, Viruses, and Worms – The Toxic Trio
According to Dictionary.com, a Trojan horse is “…a subversive group that supports the enemy and engages in espionage or sabotage---an enemy in your midst.” The toxic cargo of Trojan horses can include viruses or worms.
A Trojan horse is a program that Internet criminals use to interrupt and interfere with your security software and produce the following results
· Terminates processes
· Removes registry entries
· Stops services
· Deletes files
Hackers, who have gained access to your computer, because of the easily accessible programs and software as mentioned above, are enthusiastically incorporating this venomous little program into their arsenal of weapons.
As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.
On January 28, 2005, a press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by “…creating and unleashing a variant of the MS Blaster computer worm.” Christopher Wray, Attorney General – Criminal Division stated that,
"This … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.”
By the way, “malicious” is defined by Webster as “…intentionally mischievous or harmful”.
On February 11, 2005, in a Press Release issued by the Department of Justice, reported that another criminal was sentenced for circulating a worm. This worm,
“…directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft's main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.”
March 7, 2005, Symantec.com posted discovery of a worm named “W32.Serflog.B” that spread through file-sharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standards administered by P2P systems that host Instant Messaging clients—none of which are protected, regardless of the anti virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on the MSN Messenger.
SOLUTION
Avoid at all costs, P2P file sharing networks as they operate on publicly open and interpretable industry standards. (Instant Messaging services run on P2P file sharing networks.)
If you like the convenience of text chatting via Instant Messaging, then why not consider an optimally secure VoIP (voice over internet protocol), also known as a Computer Phone, that incorporates the Instant Messaging feature. Make sure the VoIP internet service provider does not operate on P2P file sharing networks that use industry standard codec or industry standard protocols that are publicly open and accessible. (Don’t forget, these standards create the vulnerability which hackers are capitalizing on because of their easy accessibility.)
Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology which is hosted in a professional facility. Simply put, when a VoIP internet service provider is optimally secure, the Instant Messaging feature on the VoIP softphone is also incorporated in their optimally secure technology.
Here’s the bottom line.
If you are currently using Instant Messaging of any sort, you need to make a decision:
a. Continue enticing hacker mercenaries and remain as a user of an Instant Messaging service, or
b. Take immediate corrective action.
If you decide to take immediate corrective action:
1. Find an optimally secure VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology.
2. Find an optimally secure VoIP internet solution provider that has their own proprietary high end encryption codec.
3. Find an optimally secure VoIP internet solution provider that has their own proprietary patented technology.
4. Find an optimally secure VoIP internet solution provider that hosts their proprietary patented technology in a professional facility.
Here’s a place you can look over to see what an optimally secure VoIP internet solution provider looks like--one that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND one that incorporates the Instant Messaging feature.
http://www.free-pc-phone.com
**Attn Ezine editors / Site owners **
Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include the resource box as listed above.
About the author:
Dee Scrip is a well known and respected published author of numerous articles on VoIP, VoIP Security, and other related VoIP issues. Other articles can be found at http://www.free-pc-phone.com
Circulated by Article Emporium
|