MSN Messenger "instant messaging" service login (MSMessenger_Login)

About this signature or vulnerability

Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Network MFS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Unix):

This signature looks for a successful login as a Microsoft Messenger user. This is identified by a "USR" command where the 1st argument is "OK".


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0, Proventia Network MFS: 1.0, RealSecure Server Sensor: 7.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0, IBM Security Host Protection for Desktops: 8.0.614.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Microsoft Windows, Microsoft MSN Messenger

Type

Protocol Signature

Vulnerability description

MSN (Microsoft Network) Messenger is a popular Internet chat program used to send messages, share and transfer files, talk over the Internet, check stock prices and headlines, and play games. Historically, "instant messaging" systems such as MSN Messenger have provided means for attackers to introduce malicious software (such as trojan horse, backdoor, and virus software) onto networks.

How to remove this vulnerability

Your institution's security policy may permit the use of instant messaging systems on your network. As a part of your institution's security policy, consider restricting use of instant messaging systems as needed. If restriction of instant messaging is not possible, file transfers over instant messaging services should be monitored for potentially malicious software.

References

Microsoft Corporation Web site
MSN Messenger
http://messenger.msn.com/

ISS X-Force
MSN Messenger "instant messaging" service login
http://www.iss.net/security_center/static/8232.php