Thread: Hackers learn to attack networks with IM

  1. #1
    Senior Member
    Join Date
    Aug 2004

    Hackers learn to attack networks with IM

    REM "I did a search to see if this was already posted and I found nothing. If it was posted once before, let me know and I will remove it....."

    Hackers learn to attack networks with IM
    October 12 2004
    by Dan Ilett
    'Shore up security this autumn' warns security expert
    Security experts have discovered an instant-messaging tool that could change the way denial-of-service (DoS) attacks are performed.
    Combining the open-source tool nmap - a program that discovers devices on a network - with an IM bot, hackers can infiltrate, steal information and carry out denial-of-service attacks on networks, says the director of security for Whitehat UK, Jason Hart.

    IM runs over port 80, which is often regarded as a trusted port because internet traffic travels through it. Nmap uses ping requests and port scans to discover network devices.

    Hart said: "The bot could send itself to 10,000 addresses, which could then attack one IP address. This means that 'denial-of-service attack' has taken on a whole new meaning. What's worrying is that this would look internal."

    If instructed, the nmap bot is capable of a DoS attack by sending a massive amount of pings, a term hackers have dubbed 'the ping of death'.

    "IM has always been a major concern," said Hart. "Just imagine the consequences - it can do a ping of death from an internal address, which confuses administrators. And the technology might not know to protect from the inside."

    For the bot to run, it must be executed via either a download, an attachment or a .JPEG file - so won't run automatically. However, many of these approaches require little or no social engineering - hence the huge increase in simple phishing attacks. Although the tool is still in its 'proof of concept' stage, Hart said he has been able to make it work in the lab and that it may already have been used in the real world but simply been undetected.

    "Between now and Christmas we're going to see some major developments in the hacking world," he added.

    Many firms favour IM over email to get around compliance regulations, which require them to log all emails. In this year's SANS top 20 vulnerabilities, threat research director Ross Patel highlighted IM as a major cause for concern.

    Whitehat's Hart advised companies to avoid use of IM: "Don't use instant messenger. Anything going over port 80 should be checked and controlled. The easiest way of preventing the bot is by stopping people installing software."

    To see a proof-of-concept example of the nmap bot, see:


  2. #2
    Join Date
    Jul 2004
    Well hell, I might have to look into this, I have a bone to pick with Microsoft

  3. #3
    Senior Member
    Join Date
    Oct 2002
    I'm sure this has to do with the recent "IM Worms" or something of that nature. Other than that (and by direct connections, which only gives you the IP) I can't really see how you can hack a network through IM.
    Space For Rent.. =]

  4. #4

    AIM has had vulnerabilities, but this article is not really smart. If you were to find a vulnerability in AIM and planned to use it as a zombie to scan another box or act as a part in DDoS, why the hell would you control the box over AIM?

    The hacker wouldn't have to wait for them to be online
    The victim won't see AIM messages
    The hacker won't have to install a bot through the exploit
    The hacker could instruct 10000+ boxes to do something instead of having to have a conversation with a bot.

    The bot isn't necessary, this article isn't really smart. The only benefit I would see is it names boxes with screen names instead of IPs, so it's easier for an attacker to organize dynamic IPs, but a reverse bind shell would do the same thing.
