06:06 PM

Security Flaw Found In Trillian IM Client

The popular Trillian instant-messaging client contains a security flaw that could allow a hacker to gain control of a person's computer, a software company said Friday.

To take advantage of the vulnerability, the hacker would have to use an advanced technique called DNS cache poisoning, which redirects PC users from real sites to spoofed copies, said Matt Hargett, director of development for Pittsburgh, Pa.-based LogicLibrary Inc. The tactic involves a hacker first compromising a DNS server, which is used on the web to direct computers to websites.

Once Trillian, which is made by Cerulean Studios in Connecticut, is directed to a spoofed server, a hacker could upload malware by overflowing the software's buffer, or temporary storage area, with data containing executable code. Overflowing the buffer fools the software into running the code.

The damage to an infected PC could range from an annoying program crash to a hacker gaining control of the machine, Hargett said. Such an attack is particularly nasty because the user is unaware that his computer is being hijacked.

"You're not doing anything wrong," Hargett said. "You're just starting up Trillian, and thinking it's going to an (IM) server."

A patch for the vulnerability was not available on Cerulean Studios' website on Friday.

Trillian, which is available at no charge, lets people access several instant messaging services simultaneously, such as those from America Online Inc., Yahoo Inc. and Microsoft Corp. The software is currently in version 3.1.

LogicLibrary makes software tools used to spot vulnerabilities in applications during the development process.
