TechWeb

Security Flaw Found In Trillian IM Client

Mar 25, 2005 (01:03 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=159907181


The popular Trillian instant-messaging client contains a security flaw that could allow a hacker to gain control of a person's computer, a software company said Friday.

To take advantage of the vulnerability, the hacker would have to use an advanced technique called DNS cache poisoning, which redirects PC users from real sites to spoofed copies, said Matt Hargett, director of development for Pittspurgh, Pa.-based, LogicLibrary Inc. The tactic involves a hacker first compromising a DNS server, which is used on the web to direct computers to websites.

Once Trillian, which is made by Cerulean Studios in Connecticut, is directed to a spoofed server, a hacker could upload malware by overflowing the software's buffer, or temporary storage area, with data containing executable code. Overflowing the buffer fools the software into running the code.

The damage to an infected PC could range from an annoying program crash to a hacker gaining control of the machine, Hargett said. Such an attack is particularly nasty because the user is unaware that his computer is being hijacked.

"You're not doing anything wrong," Hargett said. "You're just starting up Trillian, and thinking its going to an (IM) server."

A patch for the vulnerability was not available on Cerulean Studio's website on Friday.

Trillian, which is available at no charge, lets people access several instant messaging services simultaneously, such as those from America Online Inc., Yahoo Inc. and Microsoft Corp. The software is currently in version 3.1.

LogicLibrary makes software tools used to spot vulnerabilities in applications during the development process.