Hazards of Instant Messaging Clients

The Ohio State University at Lima
Technical Bulletin #200506071336

Instant messaging clients are programs that run on your computer, connect to a hosted service on the Internet, and allow instant transmission of messages between people. They are also capable of transmitting files and programs.

Recently, there has been a new rash of compromised computers within the OSU system, including Lima campus. These compromised systems have had software installed that gives a user on the internet the same access to the computer as though he/she was sitting right in front of it. These computers join what is called a "botnet" that is then used to seek out and compromise other systems, and then are used as sending points for spam, as platforms for attacking other remote sites, and as potential sources of data theft.

The recent outbreak has been caused by software delivered through instant messaging clients. Files are sent, and appear to come from contacts in your lists. When the file is opened, the malicious software is installed on your computer. Anti-virus and anti-spyware programs can not detect these infections, so your computer just goes merrily on its way providing services for somebody else, unrealized by you.

OSU's official word is that the OSU network and OSU computers are for OSU business only, so there shouldn't be any IM clients in use at Lima, with the exception of Admissions, who is using it as a recruitment tool. Please refrain from installing or using IM clients on OSU Lima computer systems, and please uninstall it if it is installed.

In alphabetical order, some popular instant messaging clients (not the only ones!):

AOL Instant Messenger (AIM)
ICQ
Microsoft Instant Messnger (MSN)
Yahoo Instant Messenger