Abstract
Consumer instant messaging (CIM) services (aka public IM) such as AOL Messenger, Yahoo! Messenger, and MSN Messenger have achieved critical mass appeal and usage as a convenient and informal method of communication supporting realtime messaging and presence awareness.1,2 Unfortunately, these services are highly vulnerable from a security standpoint. Some of these security problems include threats from viruses and worms, Trojan horses, identity theft, impersonation, eavesdropping, data loss, and denial-of-service attacks.