By now you know to be leery of e-mail attachments, even when they seem to come from a friend or colleague. These days, however, you also have to be careful of IM attachments and links -- because the virus writers are already there, too.
"We've done a much better job of locking down e-mail," says Francis Costello, chief technical officer at Akonix, which helps clients secure instant messaging and peer-to-peer software. "People are turning to instant messaging as the new attack vector."
In the first quarter of this year, Costello says, Akonix saw more than double the 17 IM threats it found in all of 2004. And in the second quarter, there were four times as many threats as in the first quarter.
IM worms hijack IM clients by first reading a user's buddy list of contacts. Then the worm sends a message along the lines of "hehe :) i found this funny movie" to the people on that list, with a link that downloads the worm. Or the message might be "hey, check out this picture" and have the worm attached.
Some hybrid worms split the attack by going after instant messaging and peer-to-peer networks at the same time. One version of the Bropia worm sends out instant messages and drops itself into the shared directory of popular P-to-P apps.
Another worm, Win32.VB, can also spread itself via IM and P-to-P, but adds a new twist. It forces its host to open up to the Internet and help spread the worm; when the worm sends out an instant message with a link, the link goes to the computer hosting the worm.
Although some IM attacks are becoming more innovative, most worms of this type are "kind of crude to date," Costello says, "but crude is working very effectively. Unfortunately, the one thing I've learned in this business is that [virus writers] will innovate."
Enable real-time virus protection: Antivirus programs include protections against any IM worm attachments that sneak by you.
Be wary of any message: Take special care if it comes by itself with a link or an attachment, even if it looks to be from someone on your buddy list. Before clicking, ask your friend if they sent it. No response, no click.
Filter IM traffic: Companies should consider updating their networks to separate their internal IM traffic from Internet-based IM traffic, or preventing all Internet-bound messaging.
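As an added illustration (not from the article or from Akonix), here is the kind of check an IM filtering gateway could run for the two worm behaviors described above: the same link sent to many buddies in quick succession, and a link that points back at the sender's own computer. The log record layout, the thresholds and the function name are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample records: (epoch seconds, sender, sender IP, recipient, text).
# This layout is an assumption, not a real gateway log format.
SAMPLE_LOG = [
    (1000, "alice", "198.51.100.7", "bob", "lunch at noon?"),
    (1010, "carol", "203.0.113.9", "bob",
     "hehe :) i found this funny movie http://203.0.113.9/movie.scr"),
    (1011, "carol", "203.0.113.9", "dave",
     "hehe :) i found this funny movie http://203.0.113.9/movie.scr"),
    (1012, "carol", "203.0.113.9", "erin",
     "hehe :) i found this funny movie http://203.0.113.9/movie.scr"),
    (1500, "alice", "198.51.100.7", "bob",
     "notes are at http://intranet.example/wiki/notes"),
]

def find_suspects(log, fanout=3, window=60):
    """Return {sender: set of reasons} for senders showing worm-like behavior."""
    suspects = defaultdict(set)
    seen = defaultdict(list)  # (sender, url) -> [(timestamp, recipient), ...]
    for ts, sender, sender_ip, recipient, text in sorted(log):
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname or ""
            # Behavior 1: the link goes to the machine that sent the message.
            if host == sender_ip:
                suspects[sender].add("self-hosted-link")
            # Behavior 2: the same link reaches many distinct buddies
            # within `window` seconds.
            hits = seen[(sender, url)]
            hits.append((ts, recipient))
            recent = {r for t, r in hits if ts - t <= window}
            if len(recent) >= fanout:
                suspects[sender].add("link-fanout")
    return dict(suspects)

if __name__ == "__main__":
    for sender, reasons in find_suspects(SAMPLE_LOG).items():
        print(sender, sorted(reasons))
```

A flagged sender is a cue to quarantine that account's outbound links and ask the user whether they sent them, the same "no response, no click" test applied at the network level.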