Another Day, Another Hack Vulnerability – In AOL IM

Add America Online to those companies having to fix a flaw making you vulnerable to a hack attack. AOL has been fixing an Instant Messenger flaw – one rendering your “away” message vulnerable to a buffer-overflow attack – and is ready to issue a new beta version correcting the problem within a week.

AOL found the flaw several weeks ago but didn’t reveal it publicly at the time, according to a published report which said information leaked out and forced the online giant to acknowledge it publicly.

The flaw could allow a bug to spread through an embedded link in an IM, something akin to a bug that once hit Microsoft Internet Explorer, giving a hacker the same execution privilege as the person who put IM on their computer, according to Panda Software chief technology officer Patrick Hinojosa.

So far, according to NewsFactor.com, no bug exploiting the IM flaw has targeted the program. But some analysts think it’s just a question of when it happens, given AOL’s 36 million users. And it isn’t just the novice Netizen using IM who might be vulnerable, Hinojosa said.

"As it is, hackers come up with all sorts of clever ways to get otherwise intelligent people to open an e-mail that is infected with a virus," Hinojosa told the news site. "I hate to imagine what they will do to get people to click on links in an IM." IM, NewsFactor.com said, is more vulnerable to “crafty social engineering tactics because of its personal nature” and because most users are accustomed to getting instant messages from friends and click on them without thinking twice.