In-Depth

Briefs

IM Migration Deals, Mobile Viruses, and Zip-File Vulnerabilities

AOL’s IM Escape Plan, As Public IM Use Grows
Secure IM grows even as many users stick with public services

Windows Mobile Gets Proof of Concept Virus
Demonstration shows potential for mobile viruses

Bagle variant at large
New worm can spread using password-protected zip files

===

AOL’s IM Escape Plan, As Public IM Use Grows

Despite ongoing recommendations from security experts that businesses adopt non-public instant messaging (IM) services or ban IM use altogether, use of public IM services such as AOL instant messenger (AIM), Yahoo Messenger, and MSN Messenger inside organizations remains prevalent.

Still, “enterprises relying on public networks for their IM needs are not only at risk from outside threats, but will find these kinds of unprotected IM systems simply don’t meet the compliance standards of today,” says Genelle Hung, a Radicati Group analyst.

Nevertheless, Yahoo recently pulled the plug on its Yahoo Business Messenger (YBM), its enterprise IM product. AOL likewise exited the paid instant-messaging (IM) space, discontinuing AIM Enterprise Gateway. AOL and Yahoo retain their free services; they’re the top two IM services by use.

AOL said it would hand existing customers to IMLogic. Other vendors also offered to fill the gap with free transitions to products that formerly competed with AOL’s. FaceTime, for example, will give current AOL customers a free transition to its IM Auditor 5.0, parts of which actually ran AOL’s enterprise offering, as well as free technical support during the transition. Likewise, Akonix offered to move former AOL—and also YBM—customers to Akonix L7 Enterprise. As with FaceTime, Akonix offers free support for the transition, and a free “transition license” for its product.

Despite the high-profile enterprise IM exits, research firms predict 2004 will be a banner year for enterprise IM adoption. Even so, the Radicati Group predicts that in the next four years, 88 percent of business IM users will still be using the public networks.

Related Articles:

Best Practices: Securing IM Against Attacks
http://info.101com.com/default.asp?id=8408

Case Study: Secure IM and Workspaces for Project Teams
http://info.101com.com/default.asp?id=7209

- - -

Windows Mobile Gets Proof of Concept Virus

Meet Duts, the first virus for Microsoft’s mobile operating system, which runs many PDAs and smart phones.

“Duts is a proof-of-concept malicious program; it demonstrates that Windows Mobile is vulnerable to infection. Our tests show that the virus can effectively propagate in such an environment,” says Eugene Kaspersky, head of anti-virus research at Kaspersky Labs.

Duts was reportedly created by the virus-writer known as “Ratter,” who also designed the recent Cabir, a proof of concept—and the first—worm for the Symbian operating system.

The 1520-byte file can infect mobile devices via e-mail, the Internet, removable memory, synchronization with a PC, or by using Bluetooth technology. Despite its ability to spread, however, Kaspersky doesn’t expect an outbreak, since few files get infected with each transmission, and Duts signals its presence, asking “Dear User, am I allowed to spread?” whenever launched.

If a user clicks the “yes” button, then Duts writes itself to the end of all files larger than 4 Kbytes in the user’s root directory. Still, “Duts does not appear to have any destructive payload,” notes Kaspersky. Its existence, however, brings “the first global outbreak caused by a mobile virus closer and closer,” he says.

Related Articles:

Configuration Management Goes Mobile
http://info.101com.com/default.asp?id=6742

Case Study: Fielding Service Calls Securely
http://info.101com.com/default.asp?id=5416

- - -

Bagle Variant At Large

A new Bagle variant, W32/Bagle.ai@MM, is in the wild, warns vulnerability information provider Secunia, which rates the current risk as “medium.”

The mass-mailing worm spreads with a spoofed address and may contain this body text: “foto3 and MP3”, “predators,” or “lovely animals.” The worm also includes a password in the body, so labeled, when sending itself as a password-protected zip file.

Indications of infection include port 1080 (TCP) and 1040 (UDP) open, outgoing messages with the above characteristics, and file and registry manipulation.

Bagle, says Secunia, “contains its own SMTP engine to construct outgoing messages.” In addition, it can harvest addresses from the victim’s machine, notify a hacker and grant remote-access capability, copy itself to peer-to-peer file-sharing folders on the victim’s computer, mutate its name, disable other versions of Bagle already on the computer, delete the registry for some types of security software, and also terminate their processes.

Related Article:

Case Study: Managing Zip Files with Security Controls
http://info.101com.com/default.asp?id=8565

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.

Must Read Articles