Study: Threat increases from IM-based attacks

IDG News Service - A study released yesterday found that hackers and virus writers are recognizing and exploiting the opportunities presented by IM-based attacks, the numbers of which have risen sharply over the last two quarters.
The number of IM attacks such as viruses, worms, and phishing scams has increased from twenty for all of 2004 to 571 in the second quarter of 2005 alone, representing an increased threat to both enterprise users and the average consumer, the study from instant messaging security vendor IMlogic Inc. said.
The study, performed by the IMlogic Threat Center with the support of IT security companies Symantec Corp., McAfee Inc., and Sybari as well as IM leaders America Online Inc., Yahoo Inc., and Microsoft Corp., reported that 70% of IM-based attacks target public IM networks and 30% target enterprises.
"IM usage has reached critical mass and virus writers have now recognized it as a mostly undefended medium," said IMlogic CEO and co-founder Francis deSouza. "These [viruses and worms] are mutating, high velocity, and invisible to most companies until they hit. All these factors combine to create a serious risk."
IM attacks act much like e-mail worms and viruses, stealing information from the user's computer or turning that computer into a so-called zombie by tricking users into clicking on phony links or into opening malicious attachments. IM-based attacks can be even more threatening because people receive false instant messages from a name on their buddy list rather than a strange e-mail address, DeSouza said.
"Having an army of zombies is the economic equivalent of having an oil well," said analyst Alan Paller of the SANS Institute. "The two most important things [for a user] to do are block all attachments on IM and to filter IM traffic so you only get it from trusted sites."
In corporate environments the Kelvir, Opanki and Gabby worms were the most common, the study said.
Some attacks are tailored to a specific user and appear to be, for instance, a highly personalized message. The study said that these attacks made up less than 1% of the recorded IM attacks. For the most part, IM attackers aren't sophisticated enough to single out any one user, Paller said. However rare "targeted" attacks may be, Paller emphasized that they are the most dangerous.
The vast majority -- 86% -- of reported attacks involved viruses or worms that capitalize on real-time protocols. The study showed that all of the most successful IM services -- AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger -- were vulnerableto IM attacks.
Products that protect against IM-based attacks are offered by companies such as Akonix Systems Inc. and Trend Micro Inc. in addition to Waltham, Mass.-based IMlogic.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.