Wednesday, October 04, 2006
The criminals behind a recent MSN worm have been quick to respond to MSN's updated network filters, and have already deployed a new method (which has already been seen in the wild) to bypass the filters. What is it? Offline messages. Windows Live Messenger (aka MSN Messenger 8) introduced the long awaited ability to send messages to offline users. Users of earlier versions of MSN Messenger can receive messages sent while they’re offline; they just can’t send messages to their contacts who are offline. Why is this important? It turns out that messages sent to offline contacts in WLM aren’t being filtered in any way! This means that the attackers can send any message they want, provided it’s to offline users. I know that messages are being sent to offline users, but at the moment it's not absolutely clear how this is being done. It's to be hoped that Microsoft will fix this loophole as soon as possible. We'll also be keeping our eyes open for an IM-Worm which sends messages specifically to offline contacts. Because of this kind of new problematic I've been interviewed today by the Belgian Broadcast TV-station VRT. If I got the time I will put the interview online within the next week ... and that will be a busy week for me ... I will be off to the yearly VB-conference, this time in Montreal, Canada.
<< Home