MSN Messenger "instant messaging" service login (MSMessenger_Login)

About this signature or vulnerability

IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, IBM Security Host Protection for Servers (Windows), Virtual Server Protection for Vmware, Proventia Network IPS, Proventia Network IDS, Proventia-G 1.1 and earlier, BlackICE Agent for Server, IBM Security Host Protection for Desktops, Proventia Network MFS, Proventia Server IPS for Linux technology, RealSecure Server Sensor:

This signature looks for a successful login as a Microsoft Messenger user. This is identified by a "USR" command where the 1st argument is "OK".


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Virtual Server Protection for Vmware: 1.0, Proventia Network IPS: 2.0, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, BlackICE Agent for Server: 3.6, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Network MFS: 1.0, Proventia Server IPS for Linux technology: 1.0, RealSecure Server Sensor: 7.0

Systems affected

Microsoft Windows, Microsoft MSN Messenger

Type

Protocol Signature

Vulnerability description

MSN (Microsoft Network) Messenger is a popular Internet chat program used to send messages, share and transfer files, talk over the Internet, check stock prices and headlines, and play games. Historically, "instant messaging" systems such as MSN Messenger have provided means for attackers to introduce malicious software (such as trojan horse, backdoor, and virus software) onto networks.

How to remove this vulnerability

Your institution's security policy may permit the use of instant messaging systems on your network. As a part of your institution's security policy, consider restricting use of instant messaging systems as needed. If restriction of instant messaging is not possible, file transfers over instant messaging services should be monitored for potentially malicious software.

References

Microsoft Corporation Web site
MSN Messenger
http://messenger.msn.com/

ISS X-Force
MSN Messenger "instant messaging" service login
http://www.iss.net/security_center/static/8232.php