A new phishing
The attack starts with an IM message from a user’s buddy list. The message directs users to a site where they log in and reveal their Yahoo identity and password. The phisher then gains access to all of the user’s personal ID stored as part of the individual’s Yahoo account.
Akonix said most examples it’s seen of this phishing attack come by way of unsolicited IM addresses. But IM security vendor IMlogic has seen the Yahoo Messenger phishing attack use existing buddy lists.
“It’ll come on to your client and look for an ID and pose as that ID,” Francis deSouza, IMlogic’s co-founder, said. The fact that the threat comes from a supposedly known entity makes the threat even more dangerous than an e-mail phishing attack, he said.
“People are more educated about the threats that come through e-mail, so they are more wary about clicking on anything,” deSouza said. “On IM, because it is coming from someone on your buddy list, it feels like a trusted communication and we’re seeing 10 times more clickthrough on IM threats than we are on e-mail.”
Neither Akonix nor IMlogic knows how widespread the Yahoo Messenger phishing attack is or how much damage it is causing. Since this attack is focused on Yahoo credentials, the damage may be somewhat limited. But it may be a harbinger.
“This one may not compromise particularly sensitive data,” Francis Costello, Akonix’s chief marketing officer, told internetnews.com. “If the next one targets corporate financial assets or your personal banking information like they do over e-mail, that’s a risk we need to pay attention to.”
This particular attack is specific to the Yahoo network, though other IM networks may see their own variants. “We have definitely seen indicators and a few incidents of phishing starting to show up on other networks,” Costello said.
In IMlogic’s opinion there is nothing unique to the Yahoo network that has caused this particular problem.
Both Akonix and IMlogic advocate the use of tools to help protect against the Yahoo Messenger phishing attack. These include anti-virus scanning tools and malicious-content filters that include signatures and URL and/or file-attachment definitions for known attacks. Enterprise-wide solutions that block and prevent threats at the network perimeter can also protect against IM threats.
“Companies need to recognize the risk in unmanaged IM,” IMlogic’s deSouza said. “Users need to be educated and need to treat IMs with the same or greater caution that they treat emails.”
IM-based attacks will likely continue to grow even though users are warned about them.
“We all know that virus attacks over e-mail, even though people have been told about them for years, continue to work,” Costello said. “In instant messaging, because it has been a relatively safe medium, people are less vigilant.”