October 12, 2005 4:30 PM PDT

Experts: Microsoft-Yahoo alliance is food for IM worms

Related Stories

Yahoo, Microsoft join IM hands

October 12, 2005

Worms biting harder into IM, P2P

October 3, 2005

IM worm speaks your language

August 24, 2005
The planned bridge between MSN Messenger and Yahoo Messenger has one drawback, experts warn: It could act as a conduit for a massive IM worm outbreak.

On Wednesday, Microsoft and Yahoo announced that they would make their instant-messaging services interoperable. By the middle of next year, users of both are expected to be able to exchange instant messages, see if their contacts are online, share emoticons, add friends from either service and make PC-to-PC voice calls.

But the partnership has a flipside, an instant-messaging security expert said. "As Microsoft, Yahoo and others connect their global IM networks, IM worms will spread faster and attack a larger population of end-users," said Jon Sakoda, chief technology officer at messaging security company IMlogic.

Instant-messaging service users are being hit with more worm and malicious code attacks than ever before. The number of threats detected for IM and peer-to-peer networks rose 3,295 percent in the third quarter of 2005, compared with last year, according to a recent IMlogic report. The company sells products to help businesses protect themselves against IM-borne pests, in competition with companies such as Akonix Systems.

"A worm could proliferate further and faster on the combined network," Akonix spokesman Don Montgomery agreed. "The need for security rises as we now have a much bigger network and much more usage."

The alliance could turn up the heat on people using Yahoo IM. Microsoft's network is the most popular object of IM worms, as 62 percent of attacks in the third quarter this year were aimed at MSN Messenger or Windows Messenger, IMlogic said. In the same period, only 7 percent of IM worms went after Yahoo Messenger.

"Worms that are traditionally targeting MSN will also target the Yahoo users," Sakoda said.

America Online's AOL Instant Messenger dominates the instant-messaging arena in the United States, tallying 51.5 million users in September, according to research firm Nielsen/NetRatings. That compares with 27.3 million for MSN and 21.9 million for Yahoo.

Providing a secure IM service is top priority at Yahoo and Microsoft, said Terrell Karlsten, a Yahoo spokeswoman. "This priority is certainly extending to the interoperability between our two communities," she said. "We will certainly continue to innovate together and leverage our collective best practices to keep IM safe and secure."

Yahoo's statement was echoed by Microsoft. "Microsoft and Yahoo share a commitment to deliver IM interoperability while keeping consumer security, safety and privacy top of mind," Brooke Richardson, a lead product manager for MSN at Microsoft, said in an e-mailed statement.

16 comments

Join the conversation!
Add your comment
Overstated?
Worms generally spread by taking advantage of errors in the code which allow things like buffer overruns. But this sounds like sharing of protocols, not implementations of the IM client. Unless the implementations share the same bugs, it doesn't seem like this increases the risk much.
Posted by pkorona (9 comments )
Reply Link Flag
Worm will have to be more complex
A cross network worm is still possible but it has to exploit different vulnerabilities in both networks. It's unlikely to actually happen though since it's going to increase the complexity of the worm beyond that ability of the type of cretin that writes them.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Overstated?
Worms generally spread by taking advantage of errors in the code which allow things like buffer overruns. But this sounds like sharing of protocols, not implementations of the IM client. Unless the implementations share the same bugs, it doesn't seem like this increases the risk much.
Posted by pkorona (9 comments )
Reply Link Flag
Worm will have to be more complex
A cross network worm is still possible but it has to exploit different vulnerabilities in both networks. It's unlikely to actually happen though since it's going to increase the complexity of the worm beyond that ability of the type of cretin that writes them.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
?
The first thing I do with any new computer of mine is uninstall Microsoft's instant mess.
Even though I'm an SBC/Yahoo DSL customer I refuse to install any of their junk either.
I don't really understand what is wrong with IRC, it's been around forever, it's safe when used with a little common sense etc. Oh, I know it doesn't have 32bit true color smiley faces :-(
Posted by Muddleme (99 comments )
Reply Link Flag
:-(
When I actually typed a colon, hyphen, and an opening parenthesis I was making a statement.
I didn't realize this web site was going to automatically turn it into a 32bit true color smiley face that looks a little blue to me.
Guess I made my point.
Posted by Muddleme (99 comments )
Link Flag
?
The first thing I do with any new computer of mine is uninstall Microsoft's instant mess.
Even though I'm an SBC/Yahoo DSL customer I refuse to install any of their junk either.
I don't really understand what is wrong with IRC, it's been around forever, it's safe when used with a little common sense etc. Oh, I know it doesn't have 32bit true color smiley faces :-(
Posted by Muddleme (99 comments )
Reply Link Flag
:-(
When I actually typed a colon, hyphen, and an opening parenthesis I was making a statement.
I didn't realize this web site was going to automatically turn it into a 32bit true color smiley face that looks a little blue to me.
Guess I made my point.
Posted by Muddleme (99 comments )
Link Flag
What!?
With Yahoo and MSN combining with 5 mil. less than AIM, isnt AIM a bigger problem with worms than Yahoo or MSN combined? There will still be a lot of users, but AIM still has 5 mil. more than both of them combined.. they way I see it, I wont worry until all three of them merge togeather.
Posted by (75 comments )
Reply Link Flag
What!?
With Yahoo and MSN combining with 5 mil. less than AIM, isnt AIM a bigger problem with worms than Yahoo or MSN combined? There will still be a lot of users, but AIM still has 5 mil. more than both of them combined.. they way I see it, I wont worry until all three of them merge togeather.
Posted by (75 comments )
Reply Link Flag
Don't even think about it!
I use yahoo for one major reason. That is to IM without having to worry about anything. Right now, Yahoo messanger is the most secure IM I found. You cannot screw it up. With the add vent of adding Microsoft (**********) to the mix, you will find a bunch of hackers, black hats, and everybody trying to place every virus known to mankind on your system. And it happened before.

AOL 6.0 and up for example. They added Microsoft (Crappysoft) to the AOL software and the minute I dialed in, a whole bunch of Adware, viruses, tracking software, and more ended up on my computer which brought the system to its knees. I could not do anything on the system. On the next start up, I got the blue screen of death. The only thing left was to rebuild my system from scratch which took several hours. After the rebuild, I tried to dialed in and it happens again. After that, I said, "$@%# Microsoft and AOL." Now I am on Cable modem with Router.

I did ask them why and they said, "Its improves speed of there service." I said, "Yea right, it improves the speed of getting a virus. Of course, support did not care and they stuck to there speed theory. As you know, I left there service because of it.

WHY DON'T ANYONE UNDERSTAND THAT MICROSOFT IS THE WORSTEST SOFTWARE ON THE FACE OF THIS PLANET!!!! STOP JOINING MICROSOFT!!!! STILL THE EVIDENCE KEEPS POINTING TO THERE CRAPPY SOFTWARE IS THE CAUSE FOR VIRUS TO GET ONBOARD YOUR COMPUTER!!!!!!!! AS USUAL, MICROSOFT WILL TRY TO DISCLAIM THE TRUTH.

All I want to say to Yahoo is, "Don't even think about joining microsoft!!!!!!!!!!!!!!!!!" Yahoo is the best thing that ever happened and I don't want it to change.
Posted by The Vanish (10 comments )
Reply Link Flag
Don't even think about it!
I use yahoo for one major reason. That is to IM without having to worry about anything. Right now, Yahoo messanger is the most secure IM I found. You cannot screw it up. With the add vent of adding Microsoft (**********) to the mix, you will find a bunch of hackers, black hats, and everybody trying to place every virus known to mankind on your system. And it happened before.

AOL 6.0 and up for example. They added Microsoft (Crappysoft) to the AOL software and the minute I dialed in, a whole bunch of Adware, viruses, tracking software, and more ended up on my computer which brought the system to its knees. I could not do anything on the system. On the next start up, I got the blue screen of death. The only thing left was to rebuild my system from scratch which took several hours. After the rebuild, I tried to dialed in and it happens again. After that, I said, "$@%# Microsoft and AOL." Now I am on Cable modem with Router.

I did ask them why and they said, "Its improves speed of there service." I said, "Yea right, it improves the speed of getting a virus. Of course, support did not care and they stuck to there speed theory. As you know, I left there service because of it.

WHY DON'T ANYONE UNDERSTAND THAT MICROSOFT IS THE WORSTEST SOFTWARE ON THE FACE OF THIS PLANET!!!! STOP JOINING MICROSOFT!!!! STILL THE EVIDENCE KEEPS POINTING TO THERE CRAPPY SOFTWARE IS THE CAUSE FOR VIRUS TO GET ONBOARD YOUR COMPUTER!!!!!!!! AS USUAL, MICROSOFT WILL TRY TO DISCLAIM THE TRUTH.

All I want to say to Yahoo is, "Don't even think about joining microsoft!!!!!!!!!!!!!!!!!" Yahoo is the best thing that ever happened and I don't want it to change.
Posted by The Vanish (10 comments )
Reply Link Flag
Trillian
Well, I use Trillian, and I haven't been affected by any IM viruses yet... And I get to talk to people from almost every messenger on the Web. :)
Posted by RoseBlood74 (8 comments )
Reply Link Flag
Trillian
Well, I use Trillian, and I haven't been affected by any IM viruses yet... And I get to talk to people from almost every messenger on the Web. :)
Posted by RoseBlood74 (8 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.