Threat increases from IM-based attacks

A study released by instant messaging (IM) security vendor, IMlogic, reported that hackers and virus writers are recognizing and exploiting the opportunites presented by IM-based attacks, the numbers of which have risen sharply over the last two quarters.

The number of IM attacks such as viruses, worms, and phishing scams had increased from 20 for all of 2004 to 571 in the second quarter of 2005 alone, representing an increased threat to both enterprise users and the average consumer, the study said.

The study - performed by the IMlogic Threat Center with the support of IT security companies Symantec, McAfee, and Sybari as well as IM leaders America Online, Yahoo, and Microsoft - reported that 70 per cent of IM-based attacks target public IM networks and 30 per cent target enterprises.

"IM usage has reached critical mass and virus writers have now recognised it as a mostly undefended medium," IMlogic chief executive officer and co-founder, Francis deSouza, said. "These [viruses and worms] are mutating, high velocity, and invisible to most companies until they hit. All these factors combine to create a serious risk."

IM attacks act much like email worms and viruses, stealing information from the user's computer or turning that computer into a so-called zombie by tricking users into clicking on phony links or into opening malicious attachments.

IM-based attacks could be even more threatening because people received false instant messages from a name on their buddy list rather than a strange email address, DeSouza said.

"Having an army of zombies is the economic equivalent of having an oil well," SANS Institute analyst, Alan Paller, said. "The two most important things [for a user] to do are block all attachments on IM and to filter IM traffic so you only get it from trusted sites."

In corporate environments the Kelvir, Opanki, and Gabby worms were the most common, the study said.

Some attacks are tailored to a specific user and appear to be, for instance, a highly personalised message. The study said that these attacks made up less than one per cent of the recorded IM attacks.

For the most part IM attackers weren't sophisticated enough to single out any one user, Paller said. However rare targeted attacks might be, Paller emphasised that they were the most dangerous.

The vast majority - 86 per cent - of reported attacks involved viruses or worms that capitalised on real-time protocols. The study showed that all of the most successful IM services - AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger - were vulnerable to and affected by IM attacks.

• Bookmark this page
• Share this article
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

Comments