Once upon a time, instant messaging was seen as a consumer technology and was often disabled in the business environment. Now, however, the use of IM has "trickled up" to the corporate world and many workers regularly employ it to communicate with colleagues, customers, vendors and others. And why not? It's as immediate as a phone call but less intrusive, more "real time" than email but offers a similar audit trail (if you enable logging). However, if your users depend on IM on the company network, it's important to educate them about attacks that utilize the IM technology.
A security research firm is warning that there has been a recent surge of attacks that use Windows Live Messenger or MSN Messenger to distribute links to a Russian site that attempts to collect personal information. Another IM-related exploit cons users into installing an application that purportedly will tell them who is blocking them on IM, but actually steals their user names and passwords.
Find out more here: