Hackers target instant messaging applications

Security experts have noticed a rise in malware aimed at IM users

Security experts in Germany are warning of a new threat to MSN Messenger and Windows Live Messenger.

G Data SecurityLabs research has found a recent surge in spam and phishing sites that link to the services, as well as a wave of seemingly 'endless' fake friend requests. Adding to these woes is a rogue application that promises to tell users who is blocking them, but in fact is a lure to a scam.

Any links included in messages will take users to a Russian software site which offers products at unrealistically low prices, the firm warned, with the goal of the scammers to obtain personal information and credit card details from their victims.

Other IM-borne threats include a sort of lookup service that lets IM users see who is blocking them as a contact.

Here, users are asked to provide their user name and password in return for the information, but in fact all they are doing is handing over their details on request.

G Data has tested the phishing requests and set up a honey pot account, using the name Michael, to see what impact responding had.

"We created an account to try out these services ['Michael']. The results were as to be expected: disappointing," explained Eddy Willems, security evangelist at G Data SecurityLabs.

"The 'who-blocked-you' service was not able to identify that, from the two contacts on our list, one actually blocked Michael and one did not. The names were both listed."

These failings aside, the firm will still have to wait and see what impact handing over Michael's log-ins has. However, Willems said that whatever happens to Michael will be insignificant when compared with what could happen to a real IM user.

"What will happen with the Michael account, now that the login details are in the hands of these scammers, remains to be revealed. Possibly Michael, with his mere two contacts, is not an interesting enough target for these cyber criminals to put any effort into," he said.

"Most IM accounts hold many contacts, that include email addresses and sometimes even more information about your friends. It's not a good idea to share that information with cyber criminals."