Security Now Blog: Addressing Today's Information Security Issues

Instant Messengers on Other People's Infected Machines Can Hurt You

by Eirik Iverson, Product Management

This past weekend, I caught up with an old friend. He told me what he’s been up to in his life and career and I told him about mine. This led him to ask me about malware.

He recently got a new computer and installed some software, but decided that the easiest way for him to redo what he had just done was to do a System Restore. But he found that System Restore had been nuked. He’d done no web browsing and hadn’t yet migrated his email. His machine was only days old and it was infected.

I asked him what he had installed. All of it had come from credible vendors. He couldn’t understand how his relatively virgin system with up-to-date AntiVirus software could have become infected. Our exploratory conversation led us to suspect an instant messenger attack vector because that was about all he’d done with his new computer.

Fortunately, he religiously maintains logs of his instant messenger conversations because he conducts a lot of his custom database application development business with it. We went over his logs, which included some file transfers. At my request, he contacted each of the senders via email to confirm that they had in fact sent the various files. One of them had not sent one of the files.

Yes, this person’s machine was infected. The malware running on the other person’s machine is able to send malicious files and messages via instant messaging software. To the recipients, these messages and files appear to be originating from a known source. It’s not enough to trust the person at the other end these days. The health of the other person’s machine matters too. BTW, the other malware indicator was that the transmitted file had mysteriously disappeared from my friend’s machine.

So, after he finishes rebuilding his brand new desktop, he’s going to install some free software that I recommended. It will protect him from these attacks. And, he won’t have to confirm instant messenger file transmissions. But, security software or not, I suspect he’ll confirm anyway for quite some time.