| IM viruses increase 1,700 per cent in 2005
1 February, 2006
By Chris Talbot
As more people continue to turn to instant messaging (IM)
clients for quick communications over the Internet, the popular
consumer-grade IM clients are becoming juicy targets for virus
and worm writers. According to a new report from Postini,
2005 saw a 1,700 per cent increase in IM-based attacks.
Just as consumers and business professionals alike have discovered
IM clients like MSN Messenger, Yahoo! Messenger and AOL Instant
Messenger, so too have hackers, said Andrew Lochart, senior
director of marketing at Postini. Prior to 2005, analysts
had predicted that eventually there would be a lot of IM viruses
and worms scouring the Internet for unsuspecting victims --
and it seems they were right.
"These IM networks that we're all using -- MSN, AOL,
Yahoo! Google -- they're consumer-grade. They're free. They're
not secure and robust. And the hackers have figured this out.
If you want to deliver a virus onto somebody's PC, doing so
over e-mail has become more challenging, particularly in the
business world, but IM is wide open," Lochart said.
As 2005 began, there were approximately 25 to 50 unique IM
viruses found in the wild each month, but by the time the
clock was ticking towards midnight on New Year's Eve, that
number has risen to 300.
"One of the issues is the IM users are relatively naïve
about what threats there are about IM. I think e-mail users
have fairly heightened awareness about spam and viruses, but
I don't think IM users have this awareness yet," Lochart
said.
For instance, just like in e-mail, a message often arrives
looking as if it's from a friend or co-worker. However, within
that message is a worm or virus.
Businesses are concerned about public IM networks, but many
of them understand the productivity benefits associated with
using such networks. Some businesses have chosen to deal with
the issue simply by banning IM clients within the company,
but others have gone the way of using corporate- grade internal
LAN-based IM systems.
"The issue with those systems is -- and this is just
starting to change -- is that those are just LAN-based systems.
Your employees can IM each other, but they don't help you
communicate with customers, people outside of their domain,"
Lochart said. Vendors are looking to change that, though.
For instance, IBM recently announced that its Lotus SameTime
product will be able to connect to some of the public IM networks
by later this year.
When using IM to communicate with people outside of the company,
the public IM networks are still the best option, but each
of the networks run on proprietary technology and can't communicate
with each other. While companies may want to use IM to connect
with their customers, their customers are the ones who want
to choose which IM network they use to chat. Lochart said
Postini customer service representatives use up to four or
five different IM clients on their desktops simply to give
customers a choice.
The need to use multiple IM clients has resulted in the creation
of all-in-one applications like Trillian, which allow users
to log in to all of the public IM networks and communicate
through those networks via one client. Unfortunately, applications
like Trillian open up new security issues.
In 2005, the Kelvir virus hit, which was able to propagate
through multiple IM clients. It was able to hop networks,
Lochart said. Most IM viruses only affect one IM network,
but with the emergence of Kelvir, it's likely that other similar
viruses will pop up in the foreseeable future. They count
on clients like Trillian to allow the virus to easily hop
between networks, Lochart said.
While it's great news for end-users that some of the proprietary
IM networks are working on interoperability, it's also great
news for virus writers, Lochart said.
"We think that's going to be an accelerant in 2006 to
people putting security measures in place," he said.
Postini's report, "Postini Message Security & Management
Annual Report for 2006," examined which IM networks were
being targeted the most by virus writers. Lochart said he
expected to see an even split between the most popular clients
(MSN, Y!M and AIM), but that turned out to be far from reality.
Of all of the IM viruses found in 2005, 57 per cent of them
were written to attack MSN Messenger, 35 per cent were written
to attack AIM and only nine per cent were written to attack
Yahoo! Messenger.
"I can only guess that this is one of those sort of
anti-Microsoft sentiment things that's going on here,"
Lochart said.
That means MSN Messenger users are the most at risk if they
don't have some kind of security to protect themselves, he
said. However, interoperability of networks will continue
to make public IM networks prone to threats.
"We're going to see some virus activity there that takes
advantage of that. I think we'll also start to see more companies
recognizing that they need to put security solutions in place,"
Lochart said.
|
