Worms Crawl Toward Instant Messaging

Instant messaging applications make it easy to chat in real-time with friends and coworkers, or even to meet new people online. Without proper protection, however, IM users make tempting targets for hackers intent on stealing personal information or corrupting PCs for evil purposes.

Security experts say the potential threat is real and growing every day with the skyrocketing use of IM programs from America Online, Microsoft, and Yahoo. As of April, those vendors served a combined total of more than 111 million unique home users in the United States, says Jupiter Media Metrix. That's up from a combined total of 98.6 million unique U.S. users last October.

Gartner Group estimates global users at 200 million last summer, and IDC projects that corporate users--who are increasingly finding IM programs useful at work--will jump to 300 million by 2005.

New Features, New Threats

As these programs sprout complicated new features, such as voice and video chat, the potential threat intensifies.

"IM software, like all software, has bugs and has potential vulnerabilities," says Carey Nachenberg, chief architect for the security response team at Symantec. The antivirus software vendor has expanded its software and services to monitor viruses that target messaging.

"These IM clients are active communicators on the Internet, connected constantly to servers. A properly crafted worm could literately hit millions or tens of millions of IM clients very quickly," Nachenberg says. Recently, an IM-borne worm surfaced that referred recipients to a particular Web site, although it was apparently not malicious.

A coordinated attack utilizing Internet-enabled devices with IM could be devastating, Nachenberg says.

"If you believe the estimates, we are going to have hundreds of millions of IM-enabled machines--cell phones, computers, whatever--within two to three years," he says. "Think about the implications of a Code Red or Nimda-style worm; not just ravaging a couple hundred thousands servers, but tens or hundreds of millions of machines." In fact, IM services are already appearing on cell phones.

Beware Attachments

In the early days of instant messaging, when only ASCII text moved back and forth between PC-based chatterers, the threat was minimal. Of course, there was a chance even then that confidential information or business secrets might slip out in casual online conversations.

But the current versions of these programs allow file sharing, and that's where attackers have taken aim.

"Now, you get users exchanging executable programs, and what if there is a virus in there?" asks Ted Doty, director of product management at OKENA, an online security development company. "If I'm a corporation and somebody e-mails me a virus, I have an e-mail virus scan on my system, but by the time it comes down to a laptop or desktop, well, you have to depend on individual users to keep the antivirus software up to date."

That's not a bullet-proof assumption to make, according to the experts. As more complicated features come to IM programs, hackers will look for new vulnerabilities to exploit.

Current Deterrents

No specialized IM security software exists now. However, accepted security measures--such as a personal firewall, antivirus software, and content filtering software--work pretty well for messaging, too. Security experts further recommend keeping a healthy skepticism about accepting anything online from strangers.

But many of the same people who would never download a file from an unknown e-mail address may let their guard down when chatting via IM. The online casual exchange is often regarded as more of a social interaction than as any kind of threat.

"It may be a lot like kicking back in your living room and relaxing, but you have to realize it is not your living room. You are being exposed to the entire Internet," warns Sam Curry, security architect for McAfee.com. "Be aware that anyone can walk into your living room and take advantage of you."

Common Sense Advised

"I think the number one thing to tell users is to be practical. Make sure you are safe from obvious threats by using a personal firewall and antivirus protection," Curry says. "Remember, your exposure to hacking and virus threats online is connected to what you do online. If you do more than just e-mail and browse, then your risk intensifies."

Curry adds that the best antivirus software in the world won't help PC users unless they keep it updated to detect ever-evolving threats.

"It is a cold war of sorts. We are providing the right tools, but it is an escalation," Curry says. "The bad guys come out with a new trick and we come out with a new defense."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Frank Thorsberg

PC World
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?