Virus writers, scammers and spammers are plying their trade via instant messaging. Liane Cassavoy and Andrew Brandt identify the real threats and offer tips on avoiding them.
When it comes to viruses and worms, email gets all the attention. But now that instant messaging has infiltrated both home and office, it too has become an attractive and easy target for virus writers and spammers.
From 2002 to 2003, worms and viruses that spread via IM and peer-to-peer networks increased 400 percent, according to Symantec's Internet Security Threat Report. Already this year, we've seen the Jitux.A and Bizex worms targeting MSN Messenger and ICQ, respectively.
Jitux.A spread itself by tapping users' IM contacts, but Bizex had more malicious intent - it sent you a link to a Web site that scanned your PC for data on your electronic payments and finances. The site was quickly shut down once the worm was discovered, but no one is sure how much data was collected before then.
Expect the threats to continue. As users get more adept at stopping traditional attacks, virus writers will look for softer targets, says Bill Adler, president of CyberScrub, a PC security software vendor. "Instant messaging, for many reasons, is a softer target," he states.
Be on guard
But don't scrap your IM client just yet. Most IM viruses and worms can't propagate automatically - they require you to click a link or download an applet. You can therefore avoid many of the threats if you practice safe computing. See Chat protection on page 38 for tips on keeping yourself and your data safe.
A prime example is the Osama Found game, which circulated rapidly via AOL Instant Messenger earlier this year. It spread by sending a link to AIM users, inviting them to download a game in which they could pretend to catch Bin Laden. Users who clicked through got the game as well as BuddyLinks, a program that grabbed all of the user's IM contacts and sent them the same message.
The very nature of instant messaging - its informality and immediacy - worsens the danger from worms, viruses and other malware. "People tend to let their guard down when it comes to instant messaging, while we have a much more healthy scepticism when it comes to email," explains Bryson Gordon, a senior manager with McAfee security consumer division.
But the most popular IM clients such as AIM and Yahoo Messenger work through closed networks, meaning that users can communicate only with others on the same service. In order to exchange messages with people on multiple networks, you need to run one of the less widely used third-party clients such as Trillian (www.trillian.cc).
"People tend to let their guard down when it comes to instant messaging, while we have a much more healthy scepticism when it comes to email"
- Bryson Gordon, senior manager, McAfee security consumer division
That lack of interoperability may be annoying, but it also helps to curtail the spread of viruses and makes IM a less appealing target than email. And unlike Internet Explorer or Windows, IM applications - at least so far - have fewer published holes through which viruses and worms can spread without a victim's aid.
Antivirus and security software vendors have extended protection coverage to IM. For example, Zone Labs, maker of the popular ZoneAlarm firewall, last year released IMSecure (free for personal use, plus IMSecure Pro version is also available for $29.95) a program that encrypts messages and blocks potentially hazardous URLs.
Symantec's Norton Antivirus includes instant message scanning and McAfee added the same feature to VirusScan 8.0. Both of these programs promise to remove viruses from files received via IM and to protect against viruses that may be downloaded through URLs or links received in messages. And here's some more good news. In informal tests of several antivirus and security applications - with or without special IM components - all caught known viruses sent via AIM.
To prevent infection, keep your instant messenger client updated and follow these tips:
Trust no one
No antivirus program or firewall - both considered must-haves for every PC user - can prevent all virus attacks. Your vigilance remains your best defence. Oliver Friedrichs, a senior manager at Symantec Security Response, says "These threats are [only] successful because people continue to trust content that they receive."
Here come the spimmers
With spam filters improving and some internet providers taking legal action against spammers, a growing number of junk mailers are turning to instant messaging to get the word out about their sleazy wares. This year, spim (spam over IM) messages will number about two billion - four times last year's total, according to David Ferris, president of research company Ferris Research.
Many spim messages tout pornography or fast-money schemes and include a link to a website. Following that link can trigger an avalanche of other privacy and security problems. You may get swamped with pop-up ads or spyware and Trojan horse apps may install themselves on your PC. And spim can be even more intrusive than spam. Just like a regular IM message, spim can pop up in a chat window on top of whatever you're working on at the time.
The increase in IM spam will come about due to much greater use of IM among businesses and a rapid increase in published IM names in corporate and public directories, according to US-based research firm Radicati Group.
The overall business IM market grew by 130 percent worldwide from 2002 to 2003 and will grow a further 85 percent from 2003 to 2004, according to Ferris Research. By 2007 the overall business IM market will increase to 182 million users, representing a compound annual growth rate of 79 per cent.
Fortunately, all major instant messaging packages let you limit or eliminate spim. But the settings that block it require you to make some trade-offs - for example, messages from people not on your contact list will be blocked. You can still add users to your buddy list, but it takes a few more mouse clicks. It's a good idea to add to your list everyone you think you may want to communicate with, before you implement the following tips.