Beware of your 'buddies'



Hackers are exploiting browser security flaws to hijack instant messaging (IM) accounts, security experts have warned, according to a article.

Using what are known as application programming interfaces (a set of routines, protocols, and tools for building software applications), hackers have developed worms or Trojans that can capture a remote user's list of IM correspondents, or 'buddies'.

By grabbing a user's buddy list rather than scanning for vulnerable IP addresses, these worms have the potential to be more virulent than predecessors like Code Red, Slammer or Blaster, which spread over the internet rather than over IM networks, warned Neal Hindocha of Symantec Security Response.

Usually the victim is led to a website, either by a distributing link through IM or via an email with a link to the webpage, which then automatically downloads a worm or trojan.

One program hijacks an already running AOL IM (AIM) account, changes the password and sends a message to the buddies list with a link to a malicious web page.