ARCHIVED: Keeping your computer secure if you use instant messaging
To avoid virus infection via instant messaging (IM):
- Avoid unknown or suspicious IM links.
- If you doubt the validity of an IM link you received, ask for more
information from the link's sender.
- Do not install files or run programs via IM links. Instead, close any installation windows associated with the file or program, and ask the sender for the file's or program's URL so you can check its validity.
You can infect your computer with an AOL Instant Messenger (AIM) Trojan by clicking a link that the infection places in an AIM buddy's Away Message window. The link usually has a short text message such as "View my pictures at the beach!" or "See my valentines pictures!" (often accompanied by a smiley icon), or is a link such as "LOL: http://www.fakesite.com " Other messages may appear, but the common symptom is a link to a URL which, if you click it, downloads the virus. The exact URL changes as previous hosts get shut down.
Most AIM Trojans install Trojan files, spyware programs, and back doors. Back doors are system level compromises; a remote attacker can install software and run it on your computer without your knowledge. Commonly, these programs are mail relays for spreading spam, or zombie programs to make your computer a participant in a denial of service (DoS) attack. However, an attacker can also install password- or keystroke-logging software, which can steal your bank or credit card PINs and compromise your computer accounts (e.g., email).
Practicing the principle of least privilege can also provide an effective safety net should you accidentally click a link you didn't mean to.