Worms wiggle into IM

Like airborne viruses, instant messaging worms are fledglings, but very much on the rise. These new worms are also proving that once inside a corporate network they can be just as destructive, if not more so, than traditional e-mail attacks.

E-mail remains the most widely used and destructive vehicle for spreading viruses and worms over the Internet, but the first three months of 2005 saw a rise in the number of worms using IM to propagate.

Anti-virus company Trend Micro recently released its first quarter 2005 virus roundup, in which half of the reported outbreaks were IM worms. Since emerging as a proof of concept in 2001, IM worms have taken a back seat to e-mail worms. But the sharp increase in IM-based outbreaks this year signals a revival of the IM vehicle, according to Trend Micro officials.

IM worms are on the rise primarily because of the publishing of the source code for existing attacks, said David Perry, global education director at Trend Micro.

"There have been a couple successful [IM worms] and the source code was made available," Perry said. "Most viruses are minor variations on existing viruses."

IM management and security vendor Akonix Systems noted an alarming 400 percent rise in IM attacks in its Q1 IM and peer-to-peer threat summary.

Akonix's numbers showed more than double the total number of targeted attacks on IM and p-to-p networks in the first quarter of 2005 than in all of 2004, according to Francis Costello, chief marketing officer at Akonix.

"We've seen published threat methods, which lets other virus writers jump in," Costello said.

Just last week virus alerts were issued for the latest variants of the Kelvir worm -- W32.Kelvir.U, W32.Kelvir.T, and W32.Kelvir.N -- which targets Microsoft's MSN Messenger and Windows Messenger. The Kelvir worm sends a URL via IM; once a user clicks on the URL, a worm is downloaded that sends itself to the now-infected user's contact list.

Although most IM worms target consumer systems such as MSN Messenger, Yahoo Messenger, and AOL's AIM, corporations still should be concerned.

According to IM security tool vendor IMlogic, nearly 85 percent of enterprises use public IM systems, and most do not have any additional security in place.

In fact, most enterprises are severely unprepared for IM-based malware attacks, according to Michael Osterman, president of Osterman Research.

The various types of IM attacks are not a critical problem yet for enterprises, but are rapidly becoming one, Osterman said.

"Within a matter of months this could become a huge problem that could do a lot of damage," Osterman said. "It would take very little to get totally out of control."

IM by its nature is a little more secure than e-mail, Osterman said. IM requires a user to grant permission to incoming contacts and is not as widely used as e-mail for file transport, through which many malicious payloads are sent.

Once inside a company, however, IM worms can wreak havoc because they bypass existing security defenses in place for e-mail, Osterman said.

Firstly, organizations without enterprise-grade IM in place should find out exactly how much public IM is now running on their network, he said.

"A lot of organizations really underestimate the amount of IM they have deployed," Osterman said. "Sometimes IT managers say they have none but if you put a sniffer on you can see thousands of IM [chats] on the network."

Corporations can deploy enterprise IM systems, such as Microsoft's Live Communications Server or IBM's Lotus Instant Messaging, or they can secure public systems by adding overlay management tools from vendors such as Akonix, FaceTime, IMlogic, and others.

"If you secure the public system and provide security against viruses plus namespace control and auditing and logging, then you have an enterprise grade system," Osterman said.

In addition to a growing number of worms, the types of IM threats are expanding to include SPIM (spam over IM) and phishing attacks. In fact, the first phishing attack using IM hit the Yahoo Messenger application last month. The scam sent a link to an official-looking but fake Yahoo Web site that asked users to provide account and password information. MSN IM users, too, were the targets of a then-new IM worm in March.

As for the SPIM threat, The Radicati Group estimates that SPIM will grow to 17.9 billion messages in 2008, fueled by the growing IM adoption and a sharp increase in published IM names in corporate and public directories.

Akonix currently offers protection from SPIM through dynamically updated SPIM policies, and is paying close attention to the SPIM problem in its development efforts, said Costello.

"SPIM is potentially the next big thing. There is SPIM on IM networks but it is not nearly as bad as e-mail spam," he said. "It is harder to do unsolicited messaging in IM, [but] as more and more people use IM it will become more targeted."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cathleen Moore

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >




Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?