Trillian Vulnerability - Security Flaw Found in Trillian IM
Posted by Steven Parker on 27 March 2005 - 09:55 · 35 comments & 2758 views
#1 Posted by WitCh-Fire on 27 Mar 2005 - 10:30
- <sarcasm>Quick everyone! Run back to MSN IM!!!1!
</sarcasm>
It's nice to know people are watching out for these Third Party Messaging Programs.
Now, we must beat Scott into submission to get back to hard labouring, sleepless weeks upon weeks of Caffeinated Hard-core programming
-
(1 reply)
#2 Posted by Staind on 27 Mar 2005 - 11:12
- Hey, tell me it's not true! Fortunately, I've just switched to gaim several days ago.
-
#3 Posted by smashguy on 27 Mar 2005 - 12:26
- very nice!!

-
(1 reply)
#4 Posted by PROGAME on 27 Mar 2005 - 13:20
QUOTE send a message to the Trillian user, and then have the user accept the message
wow, the other user has to accept the msg
I don't remember being asked for every msg I get "do you want to accept the msg?"
anything that allows a hacker to take control of the entire computer by simply sending a msg cannot be "extremely low risk"
and if the details about this hole were published, then a "fake instant messaging software" must already be around.
accept the msg... good one
-
#4.1 Posted by VikingStorm on 27 Mar 2005 - 15:27
- The quote wasn't very clear. You need to accept a file transfer (on Yahoo Messenger), not just a message. Though if you accept random file transfers... So just disable Yahoo Messenger plug-in for the time being I guess.
-
(3 replies)
#5 Posted by bucko on 27 Mar 2005 - 14:53
- MSN Messenger and what not has had its fair share of problems like this so don't go saying Trillian is crap.
-
#5.3 Posted by ~*McoreD*~ on 28 Mar 2005 - 02:31
- Second that.

-
#6 Posted by suryad on 27 Mar 2005 - 15:02
- I use Trillian Pro myself and if this is a serious problem I would like to know!!!
-
(1 reply)
#7 Posted by bangbang023 on 27 Mar 2005 - 15:44
- Wait, he says it's not serious? Are you kidding me? If MS said the same thing, they'd be crucified and would have been sued within 5 minutes of making the statement.
-
#7.1 Posted by tiagosilva29 on 27 Mar 2005 - 19:19
- Since we're in the Easter Season, they would probably resurrect...
-
(4 replies)
#8 Posted by moeburn on 27 Mar 2005 - 16:08
- Software news?
-
#8.1 Posted by bangbang023 on 27 Mar 2005 - 16:11
- Firefox, IE, any other security issues always go on main news page so nope. Try again.
-
#8.3 Posted by bangbang023 on 27 Mar 2005 - 16:59
- Software news is generally used for software releases. Considering a large portion of our community uses Trillian, it's better to put stuff like this on the front page, as we have always done.
Your turn.
-
#8.4 Posted by lester_kun on 27 Mar 2005 - 18:49
- Well said.
-
(2 replies)
#9 Posted by Marshalus on 27 Mar 2005 - 16:12
- Anyone who accepts file transfers from people they don't know is asking for trouble as it is.
-
#9.1 Posted by ThaCrip on 27 Mar 2005 - 16:45
- good point... but this does have the potential to get pretty serious... they need to fix this asap... but I don't care since I'm using GAIM v1.2.0
it's much better than trillian is... I used to use trillian for the longest time until they released trillian pro 3... that thing is a resource hog (aka bloated). Switch to GAIM for a better experience.
-
#10 Posted by tophat on 27 Mar 2005 - 16:44
- Seems like more work than it's worth. Considering there's no real way to tell (that I know of) that the person at the other end is using trillian or yahoo messenger, this doesn't exactly seem like something you can easily unleash on the public...
-
(1 reply)
#11 Posted by kev13dd on 27 Mar 2005 - 16:53
- This makes me mad that Trillian is getting such bad rep all over the internet for something as silly as this
A) Someone has to create their OWN IM program to exploit this flaw
B) Somehow figure out you're a Trillian user, which can't be told from pretty much anything except talking to you. And someone who goes "ARE YOU USING TRILLIAN? WANNA ACCEPT A RANDOM FILE?" might let even the dumbest idiot know something is up
C) You have to accept the file they send you
Did anyone go to this company (the one that found the "flaw") and actually read their report on Trillian? It says, and I quote:
QUOTE For attackers to exploit this vulnerability, they would need to take over the Web server being connected to or DNS/route poison the victim into connecting to their malicious Web server
So to actually do something, you would need to get pretty close to the target machine, an external worm to reroute the servers (if you get that far, why exploit through trillian) maybe, or various DNS/route poison attacks, which are hard to propagate through the internet (correct me if I'm wrong). Sound easy? Probably not
If someone is smart enough to exploit this, they can probably hack you in other ways. Every IM client is vulnerable if you accept files from someone you don't know. They could easily just send you a trojan or a virus. Trillian is practically safe as it always has been. Such a minor flaw that has NOT even been attacked yet, should hardly be considered grounds to suddenly stop using Trillian
Moral of the story: Don't accept random transfers from people you don't know
K
-
#12 Posted by EduardValencia on 27 Mar 2005 - 17:21
- using MSN Messenger 7, no problems here.
-
#13 Posted by STanger on 27 Mar 2005 - 17:39
- don't auto accept in trillian and I think this is a per connection setting but I know you can set each account to not accept IMs from p33ps not on your contact lists
-
#14 Posted by eilegz on 27 Mar 2005 - 18:09
- they will fix it soon anyways, trillian pro 3.02 coming
-
#15 Posted by Dwarden on 27 Mar 2005 - 18:50
- good ol' Miranda IM 0.4 alpha
-
(1 reply)
#16 Posted by xinok on 27 Mar 2005 - 20:18
- I don't think this is an "extremely low risk" vulnerability, just because you have to accept a file transfer. If anyone is aware of how recent messenger viruses worked, it sends itself to people on your buddy list, so if you see a file transfer, it's likely to be from somebody you know. I don't think it would spread very fast though, as I guess only a small percentage of Yahoo users use Trillian.
-
#16.1 Posted by kev13dd on 27 Mar 2005 - 22:56
- Not true at all. This isn't some virus that autosends out stuff. Your friends don't get it, then suddenly send it to you. The person executing it has to be the person who sent it. There isn't a spread. This isn't a worm. If anything, this is a possible attack. It's a one time thing. THERE IS NO SPREAD
And also note: THIS HAS NOT YET BEEN DONE. This is a "possible" attack. No IM client has been written to allow you to exploit the error
K
-
(1 reply)
#17 Posted by SquareSoft0 on 28 Mar 2005 - 03:54
- This is so "out there" in terms of probability. They really should toss this into the lowest priority possible. Though completely unrelated to this problem, I've gotten frustrated over time at Trillian 3's bloat so I'll switch to Gaim.
-
#18 Posted by neo_joel on 28 Mar 2005 - 12:05
- just an alternative for those using Trillian, there's a program out there like it called Qnext, which basically does the same thing but with extra filesharing stuff built in.
-
(1 reply)
#19 Posted by sorlag on 28 Mar 2005 - 13:57
- Is gaim now a native Windows port, or does it need those wrapper DLLs etc?
-
#19.1 Posted by VikingStorm on 28 Mar 2005 - 14:28
- I don't think GAIM will ever be native Windows. Unless they completely branch off.
Trillian is an instant messaging (IM) client that lets users talk to people on many different IM services, such as AOL Instant Messenger and MSN Messenger, from a single program instead of running a separate messenger for each service.
A large number of people use Trillian, which is not surprising, as it has been estimated that at least 25% of home users instant message with people on at least two different IM networks at the same time.
The security hole discovered in Trillian allows a malicious hacker to shut down programs running on the target machine, and even to take control of the entire computer.
Trillian's CEO, Scott Werndorfer, played the flaw down as "extremely low risk", stating that the hacker would need to create a fake instant messaging program, send a message to the Trillian user, and then have the user accept the message. More at Source.
Thanks to Hurmoth and Cyber Dog for the heads up.