Experts: Microsoft-Yahoo alliance is food for IM worms

The planned bridge between MSN Messenger and Yahoo Messenger has one drawback, experts warn: It could act as a conduit for a massive IM worm outbreak.

On Wednesday, Microsoft and Yahoo announced that they would make their instant-messaging services interoperable. By the middle of next year, users of both are expected to be able to exchange instant messages, see if their contacts are online, share emoticons, add friends from either service and make PC-to-PC voice calls.

But the partnership has a flipside, an instant-messaging security expert said. "As Microsoft, Yahoo and others connect their global IM networks, IM worms will spread faster and attack a larger population of end-users," said Jon Sakoda, chief technology officer at messaging security company IMlogic.

Instant-messaging service users are being hit with more worm and malicious code attacks than ever before. The number of threats detected for IM and peer-to-peer networks rose 3,295 percent in the third quarter of 2005, compared with last year, according to a recent IMlogic report. The company sells products to help businesses protect themselves against IM-borne pests, in competition with companies such as Akonix Systems.

"A worm could proliferate further and faster on the combined network," Akonix spokesman Don Montgomery agreed. "The need for security rises as we now have a much bigger network and much more usage."

The alliance could turn up the heat on people using Yahoo IM. Microsoft's network is the most popular object of IM worms, as 62 percent of attacks in the third quarter this year were aimed at MSN Messenger or Windows Messenger, IMlogic said. In the same period, only 7 percent of IM worms went after Yahoo Messenger.

"Worms that are traditionally targeting MSN will also target the Yahoo users," Sakoda said.

America Online's AOL Instant Messenger dominates the instant-messaging arena in the United States, tallying 51.5 million users in September, according to research firm Nielsen/NetRatings. That compares with 27.3 million for MSN and 21.9 million for Yahoo.

Providing a secure IM service is top priority at Yahoo and Microsoft, said Terrell Karlsten, a Yahoo spokeswoman. "This priority is certainly extending to the interoperability between our two communities," she said. "We will certainly continue to innovate together and leverage our collective best practices to keep IM safe and secure."

Yahoo's statement was echoed by Microsoft. "Microsoft and Yahoo share a commitment to deliver IM interoperability while keeping consumer security, safety and privacy top of mind," Brooke Richardson, a lead product manager for MSN at Microsoft, said in an e-mailed statement.

[pkorona]

Overstated?

Worms generally spread by taking advantage of errors in the code which allow things like buffer overruns. But this sounds like sharing of protocols, not implementations of the IM client. Unless the implementations share the same bugs, it doesn't seem like this increases the risk much.

[aabcdefghij987654321]

Worm will have to be more complex

A cross network worm is still possible but it has to exploit different vulnerabilities in both networks. It's unlikely to actually happen though since it's going to increase the complexity of the worm beyond that ability of the type of cretin that writes them.

[pkorona]

Overstated?

Worms generally spread by taking advantage of errors in the code which allow things like buffer overruns. But this sounds like sharing of protocols, not implementations of the IM client. Unless the implementations share the same bugs, it doesn't seem like this increases the risk much.

[aabcdefghij987654321]

Worm will have to be more complex

A cross network worm is still possible but it has to exploit different vulnerabilities in both networks. It's unlikely to actually happen though since it's going to increase the complexity of the worm beyond that ability of the type of cretin that writes them.

[n3td3v]

Experts?

Why do the experts only make statements on what is obvious already and never come up with a solution, or is this just cnet's fault for the style of reporting. The new YMSN IM isn't coming out until next year, so whats the point in this story at the moment? YMSN have only just finished shaking hands. If the experts are really experts, they should be coming up with solutions for Yahoo and MSN, instead of answering CNET journalists requests for comment at such an early stage.

[n3td3v]

Experts?

Why do the experts only make statements on what is obvious already and never come up with a solution, or is this just cnet's fault for the style of reporting. The new YMSN IM isn't coming out until next year, so whats the point in this story at the moment? YMSN have only just finished shaking hands. If the experts are really experts, they should be coming up with solutions for Yahoo and MSN, instead of answering CNET journalists requests for comment at such an early stage.

?

The first thing I do with any new computer of mine is uninstall Microsoft's instant mess.
Even though I'm an SBC/Yahoo DSL customer I refuse to install any of their junk either.
I don't really understand what is wrong with IRC, it's been around forever, it's safe when used with a little common sense etc. Oh, I know it doesn't have 32bit true color smiley faces :-(

:-(

When I actually typed a colon, hyphen, and an opening parenthesis I was making a statement.
I didn't realize this web site was going to automatically turn it into a 32bit true color smiley face that looks a little blue to me.
Guess I made my point.

?

The first thing I do with any new computer of mine is uninstall Microsoft's instant mess.
Even though I'm an SBC/Yahoo DSL customer I refuse to install any of their junk either.
I don't really understand what is wrong with IRC, it's been around forever, it's safe when used with a little common sense etc. Oh, I know it doesn't have 32bit true color smiley faces :-(

:-(

When I actually typed a colon, hyphen, and an opening parenthesis I was making a statement.
I didn't realize this web site was going to automatically turn it into a 32bit true color smiley face that looks a little blue to me.
Guess I made my point.

What!?

With Yahoo and MSN combining with 5 mil. less than AIM, isnt AIM a bigger problem with worms than Yahoo or MSN combined? There will still be a lot of users, but AIM still has 5 mil. more than both of them combined.. they way I see it, I wont worry until all three of them merge togeather.

What!?

With Yahoo and MSN combining with 5 mil. less than AIM, isnt AIM a bigger problem with worms than Yahoo or MSN combined? There will still be a lot of users, but AIM still has 5 mil. more than both of them combined.. they way I see it, I wont worry until all three of them merge togeather.

[The Vanish]

Don't even think about it!

I use yahoo for one major reason. That is to IM without having to worry about anything. Right now, Yahoo messanger is the most secure IM I found. You cannot screw it up. With the add vent of adding Microsoft (**********) to the mix, you will find a bunch of hackers, black hats, and everybody trying to place every virus known to mankind on your system. And it happened before.

AOL 6.0 and up for example. They added Microsoft (Crappysoft) to the AOL software and the minute I dialed in, a whole bunch of Adware, viruses, tracking software, and more ended up on my computer which brought the system to its knees. I could not do anything on the system. On the next start up, I got the blue screen of death. The only thing left was to rebuild my system from scratch which took several hours. After the rebuild, I tried to dialed in and it happens again. After that, I said, "$@%# Microsoft and AOL." Now I am on Cable modem with Router.

I did ask them why and they said, "Its improves speed of there service." I said, "Yea right, it improves the speed of getting a virus. Of course, support did not care and they stuck to there speed theory. As you know, I left there service because of it.

WHY DON'T ANYONE UNDERSTAND THAT MICROSOFT IS THE WORSTEST SOFTWARE ON THE FACE OF THIS PLANET!!!! STOP JOINING MICROSOFT!!!! STILL THE EVIDENCE KEEPS POINTING TO THERE CRAPPY SOFTWARE IS THE CAUSE FOR VIRUS TO GET ONBOARD YOUR COMPUTER!!!!!!!! AS USUAL, MICROSOFT WILL TRY TO DISCLAIM THE TRUTH.

All I want to say to Yahoo is, "Don't even think about joining microsoft!!!!!!!!!!!!!!!!!" Yahoo is the best thing that ever happened and I don't want it to change.

[The Vanish]

Don't even think about it!

I use yahoo for one major reason. That is to IM without having to worry about anything. Right now, Yahoo messanger is the most secure IM I found. You cannot screw it up. With the add vent of adding Microsoft (**********) to the mix, you will find a bunch of hackers, black hats, and everybody trying to place every virus known to mankind on your system. And it happened before.

AOL 6.0 and up for example. They added Microsoft (Crappysoft) to the AOL software and the minute I dialed in, a whole bunch of Adware, viruses, tracking software, and more ended up on my computer which brought the system to its knees. I could not do anything on the system. On the next start up, I got the blue screen of death. The only thing left was to rebuild my system from scratch which took several hours. After the rebuild, I tried to dialed in and it happens again. After that, I said, "$@%# Microsoft and AOL." Now I am on Cable modem with Router.

I did ask them why and they said, "Its improves speed of there service." I said, "Yea right, it improves the speed of getting a virus. Of course, support did not care and they stuck to there speed theory. As you know, I left there service because of it.

WHY DON'T ANYONE UNDERSTAND THAT MICROSOFT IS THE WORSTEST SOFTWARE ON THE FACE OF THIS PLANET!!!! STOP JOINING MICROSOFT!!!! STILL THE EVIDENCE KEEPS POINTING TO THERE CRAPPY SOFTWARE IS THE CAUSE FOR VIRUS TO GET ONBOARD YOUR COMPUTER!!!!!!!! AS USUAL, MICROSOFT WILL TRY TO DISCLAIM THE TRUTH.

All I want to say to Yahoo is, "Don't even think about joining microsoft!!!!!!!!!!!!!!!!!" Yahoo is the best thing that ever happened and I don't want it to change.

[RoseBlood74]

Trillian

Well, I use Trillian, and I haven't been affected by any IM viruses yet... And I get to talk to people from almost every messenger on the Web. :)

[RoseBlood74]

Trillian

Well, I use Trillian, and I haven't been affected by any IM viruses yet... And I get to talk to people from almost every messenger on the Web. :)