Wednesday, April 1, 2009

Wide Exploitation of Chatting Applications (A friend's smile or the devil)



So which IM service are you using today, and which one do you trust the most?

-AIM/AOL
-ICQ
-MSN
-Yahoo
-GTalk
-Jabber
-Trillian
-Pidgin
-Gaim
-QQ
-Orkut
-Facebook
-Twitter
-Hi5

...and many others.

Recently, the researchers Yoann Guillot and Julien Tinnes came forward to expose the ground reality, or the root, of massive attacks against instant messaging applications. The threat they identified is based on sets of highly animated emoticons or simple smileys, although in the dark ages of the underground world this could have been an old exploit. The PoC (proof-of-concept) code has been implemented with Ruby on Rails technology and is available at:

http://www.securityfocus.com/archive/1/502327

The potential of this exploit is very high and unacceptable, because nearly 95% of internet users use IM applications on a day-to-day basis. The researchers have implemented the encoder above to land any malicious shellcode inside a smiley or animated icon. Note, however, that the current implementation is limited to shellcode compliant with MSN-based emoticons only. The code can be compiled under 'C' with 'metasm' to test the exploit. This poses a very extensive challenge for the security community: identifying the attack patterns in order to protect against such threats at IDS/IPS devices.

Happy Rooting...