IM And P-To-P Malware Threats Nearly Triple - InformationWeek



IM And P-To-P Malware Threats Nearly Triple

Security threats exploiting instant-messaging and peer-to-peer clients jumped by more than 270% in the past year, a group of IM providers and security firms say in a first-ever report.

Security threats exploiting instant messaging (IM) and peer-to-peer (P2P) clients jumped by over 270 percent in the past year, a group of IM providers and security firms said Tuesday in a first-ever report.

The IMlogic Threat Center, a database of past and emerging IM and P2P worms, viruses, and other exploits, is a joint effort among public IM providers America Online, Microsoft, and Yahoo, along with security firms such as Symantec, McAfee, and IMlogic.

Its first IM Security Threat Report, released Tuesday at the InfoSec security conference in Orlando, Fla., noted a 271 percent increase in threats in the first quarter of 2005 over the same quarter in 2004.

"Most of that increase occurred just this quarter," said Jon Sakoda, chief technology officer at IMlogic, "but with a huge spike in March. The number of threats had essentially doubled by the end of February over the first quarter of 2004, but March was the real kick."

March's total of 48 identified threats, in fact, was over 50 percent more than January and February's combined (30), Sakoda said. Most of these attacks, in March and before, were worms directed at IM clients, and they took a bewildering array of forms, from those that tried to turn the target computer into a zombie spewing spim (spam on IM) to, in a new twist, phishing scams based on IM rather than e-mail. "Their sophistication is increasing," said Sakoda about IM and P2P malware writers. "Whether they're using IM to deposit adware and spyware on systems or using it for phishing attacks, like last month's on Yahoo, they're getting more professional."

Eighty-two percent of the attacks in the last year were IM worms, said the report. Like mass-mailed worms, IM worms live as much to spread as to inflict damage or distress. Another 14 percent were meant to hijack IM clients' file-transfer capabilities, while 11 percent exploited known IM vulnerabilities. (The total exceeds 100 percent because some threats had multiple purposes.)

Three out of every four attacks are directed at clients for Microsoft's public IM network -- a number slightly up from numbers released earlier this year by the center -- while Yahoo accounts for only 14 percent and AOL just 11 percent.

"MSN has a global presence, so it's likely to be used internationally, which is where most of these worms originate," said Sakoda. "On top of that, the API for the service is embedded in the operating system, and easy to figure out and use."

More proof of MSN's special vulnerability to current threats is in the center's top 10 most reported IM worms: nine of the ten target MSN and Windows Messenger, Microsoft's IM clients.

In both the short and long run, said Sakoda, users and businesses should expect a further surge in IM threats.

With 85 percent of businesses harboring users of public IM networks, but with fewer than 10 percent deploying any IM-specific defenses, the continued use of IM poses a problem.

"The macro trend is that IM is everywhere, and it's hard to see any change in that," said Sakoda. "Businesses love IM, even if it's out of control, security-wise, at the moment."

On the hacker side, Sakoda sees those malcontents and criminals moving quickly from today's predominant motivation of notoriety to one of profit, following in the footsteps of mass-mailed worms over the last 24 months.

"Notoriety is a driver for most IM worms now, but as the phishing attacks on the Yahoo prove, there's an increasing pressure to generate profit," said Sakoda.

Contrary to some claims that stopping IM threats should be relatively easy, since all traffic passes through a set of central servers at the provider, Sakoda said that stymieing worms will remain difficult as long as users click on embedded links.

"IM is a double-edged sword," he said. "Once you're able to figure out what the attack is and create a signature, you're able to rapidly respond to it, but because of the real-time nature of IM, threats spread very quickly. You don't have days to react as you might with, say, e-mail worms, but just hours.

"Because many of these attacks are coming from rolling bogus [IM] accounts, or worse, from hijacked existing accounts, it's hard to detect the attack patterns at the network level," said Sakoda.

"IM security is going to be a very big problem in 2005," he promised. "Everyone, from businesses and users to security companies, is going to have to focus on it."
