Worms Crawl Toward Instant Messaging

Instant messaging applications make it easy to chat in real-time with friends and coworkers, or even to meet new people online. Without proper protection, however, IM users make tempting targets for hackers intent on stealing personal information or corrupting PCs for evil purposes.

Security experts say the potential threat is real and growing every day with the skyrocketing use of IM programs from America Online, Microsoft, and Yahoo. As of April, those vendors served a combined total of more than 111 million unique home users in the United States, says Jupiter Media Metrix. That's up from a combined total of 98.6 million unique U.S. users last October.

Gartner Group estimates global users at 200 million last summer, and IDC projects that corporate users--who are increasingly finding IM programs useful at work--will jump to 300 million by 2005.

New Features, New Threats

As these programs sprout complicated new features, such as voice and video chat, the potential threat intensifies.

"IM software, like all software, has bugs and has potential vulnerabilities," says Carey Nachenberg, chief architect for the security response team at Symantec. The antivirus software vendor has expanded its software and services to monitor viruses that target messaging.

"These IM clients are active communicators on the Internet, connected constantly to servers. A properly crafted worm could literately hit millions or tens of millions of IM clients very quickly," Nachenberg says. Recently, an IM-borne worm surfaced that referred recipients to a particular Web site, although it was apparently not malicious.

A coordinated attack utilizing Internet-enabled devices with IM could be devastating, Nachenberg says.

"If you believe the estimates, we are going to have hundreds of millions of IM-enabled machines--cell phones, computers, whatever--within two to three years," he says. "Think about the implications of a Code Red or Nimda-style worm; not just ravaging a couple hundred thousands servers, but tens or hundreds of millions of machines." In fact, IM services are already appearing on cell phones.

Beware Attachments

In the early days of instant messaging, when only ASCII text moved back and forth between PC-based chatterers, the threat was minimal. Of course, there was a chance even then that confidential information or business secrets might slip out in casual online conversations.

But the current versions of these programs allow file sharing, and that's where attackers have taken aim.

"Now, you get users exchanging executable programs, and what if there is a virus in there?" asks Ted Doty, director of product management at OKENA, an online security development company. "If I'm a corporation and somebody e-mails me a virus, I have an e-mail virus scan on my system, but by the time it comes down to a laptop or desktop, well, you have to depend on individual users to keep the antivirus software up to date."

That's not a bullet-proof assumption to make, according to the experts. As more complicated features come to IM programs, hackers will look for new vulnerabilities to exploit.

Current Deterrents

No specialized IM security software exists now. However, accepted security measures--such as a personal firewall, antivirus software, and content filtering software--work pretty well for messaging, too. Security experts further recommend keeping a healthy skepticism about accepting anything online from strangers.

But many of the same people who would never download a file from an unknown e-mail address may let their guard down when chatting via IM. The online casual exchange is often regarded as more of a social interaction than as any kind of threat.

"It may be a lot like kicking back in your living room and relaxing, but you have to realize it is not your living room. You are being exposed to the entire Internet," warns Sam Curry, security architect for McAfee.com. "Be aware that anyone can walk into your living room and take advantage of you."

Common Sense Advised

"I think the number one thing to tell users is to be practical. Make sure you are safe from obvious threats by using a personal firewall and antivirus protection," Curry says. "Remember, your exposure to hacking and virus threats online is connected to what you do online. If you do more than just e-mail and browse, then your risk intensifies."

Curry adds that the best antivirus software in the world won't help PC users unless they keep it updated to detect ever-evolving threats.

"It is a cold war of sorts. We are providing the right tools, but it is an escalation," Curry says. "The bad guys come out with a new trick and we come out with a new defense."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Frank Thorsberg

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?