Instant-messaging virus costs a man his job

http://news.zdnet.co.uk/0,39020330,39159096,00.htm

Ingrid Marson
ZDNet UK
June 30, 2004, 09:05 BST

A virus can transmit previous IM conversations to a user's buddy list without his or her consent - and with disastrous consequences


Virus attacks are not yet frequent on instant-messaging applications, but the latest threat is likely to send a shiver down the spine of all IM users. A businessman whose computer had been infected by a virus found that his entire buddy list had been sent a record of all his IM conversations, said Derek O'Carroll, managing director of IM software vendor IMLogic on Tuesday.


O'Carroll was speaking at a panel discussion on the war against spam at a security event aligned with the Microsoft TechEd conference in Amsterdam. He said the businessman, a vice president at a US-based company, discovered that IM conversations stored by the application had been sent to colleagues on his buddy list, which included partners at the company.

He was fired because of negative comments he'd made about his colleagues in what he thought were private IM conversations. His computer had been infected with the virus after clicking on a URL received in an IM application, according to O'Carroll.

O'Carroll pointed out that various IM applications can keep a record of conversations although they can be set up so that they do not do this. He advised that companies implement content checking with instant messaging to prevent employees from making defamatory comments and to stop critical information from leaving the company.

The Radicati Group recently predicted that instant-messaging spam, dubbed 'spim', will increase dramatically during the next year. This increase in spim could result in an increased risk of security breaches such as these, because hyperlinks embedded in spim can provide a doorway through which viruses enter a corporate network.