By Susan B. Shor TechNewsWorld Part of the ECT News Network
12/08/04 9:57 AM PT
Most e-mail users are aware that opening an executable file (.exe) from an unknown source is a danger, but many don't know what an IM threat looks like. It can be carried in a URL from somebody in your buddy list, IMlogic's Francis deSouza said.
Increase Customer Sales with VerticalResponse Email Marketing! Quickly and easily send email newsletters, coupons & sales announcements to your customers – no technical expertise needed. Sign up for your Free Trial today and send 100 emails on us!
In an attempt to get a jump on the spread of malware through instant messaging, a group of security firms has banded together to create a community of watchdogs that will share information about potential threats.
Led by IMlogic, which sells enterprise security software for IM systems, the group comprises security companies MacAfee and Sybari Software and IM providers America Online, Microsoft (Nasdaq: MSFT) and Yahoo (Nasdaq: YHOO). IMlogic has set up a free "threat center" where it will post information on viruses, worms and vulnerabilities in IM and peer-to-peer networks identified by the group.
E-mail alerts will be sent to anyone who requests them when new threats are identified, and IMlogic will send instant updates to its software customers to block the new threat. The IM networks will monitor their traffic to try to quickly identify any suspicious activity.
Sounding the Bell Early
"An essential part of protection is detection," IMlogic CEO Francis deSouza told TechNewsWorld. He said the pattern of IM's growth is mimicking the earlier pattern of e-mail's growth, which gives security companies a leg up in the understanding of how malware will begin to spread.
"The genesis behind the threat center was to take a proactive stand," deSouza said. While the threat of malware arriving through e-mail is still much higher than through IM, the number of IM malware threats is doubling every six months, he said. In addition, IM malware can be more insidious, spreading much more quickly and looking even more innocuous when received.
"People are more likely to click on URLs in IM messages, or accepting files without knowing they are accepting them," deSouza said. "On e-mail, people generally know what they're doing."
Dangerous URLs
Most e-mail users are aware that opening an executable file (.exe) from an unknown source is a danger, but many don't know what an IM threat looks like. It can be carried in a URL from somebody in your buddy list, deSouza said. IMlogic's software is designed to block known malware URLs from reaching IM users.
The threat will only grow as the use of IM spreads and as IM interconnectivity spreads with it. In the past, users had to be on the same IM system, but that is changing. This summer, Microsoft announced it would open its enterprise IM server to allow communication with MSN Messenger, Yahoo Instant Messaging and AOL Instant Messaging. That means that malware can jump from one system to another.
Clever Hackers
In addition, deSouza said, malware writers are beginning to create viruses and worms that can take advantage of any software opening on a system and spread through it. That means that if your e-mail is secure but your IM isn't, the worm, which may have first sought to infect a system through e-mail, will find the hole in IM and exploit it.
DeSouza said he is hopeful that early detection and the ability to take the lessons learned from the spread of malware through e-mail will make this battle a little easier.
Trend Micro Hopes To Spread Mobile Antivirus December 06, 2004
The spam-blocking feature of Trend Micro's package may be more immediately useful, because bandwidth is money. Software that can prevent unwanted messages from coming
through will save users cash.
Related Stories
Omnipod CEO Gideon Stein Speaks on IM Networks November 22, 2004
By implementing a private IM network, corporations and government agencies actually can boost productivity, cut telephone costs and improve customer service, self-described "serial entrepreneur" Gideon Stein, CEO and a director of Omnipod, said. The Manhattan-based company already has proven this to clients.
E-Mail and Instant Messaging Face Compliance Challenges September 21, 2004
Regulations imposed by the Securities Exchange Commission, the Freedom of Information Act and Sarbanes-Oxley make no distinction between public instant-messaging clients provided by AOL, MSN, ICQ and Yahoo and the enterprise-messaging systems provided by Microsoft Live Communications Server and IBM Lotus Instant Messaging.
IMlogic Releases Free IM and P2P Blocking Software September 14, 2004
"Many corporate executives are in denial, which quickly turns to anger when they discover unauthorized IM and P2P use in their companies and realize the increased security and legal risk and lost productivity," said Matt Cain, senior analyst at market research company Meta Group.
Can iSight, iChat Catch Enterprise IM Wave? July 21, 2004
Apple is joining many other companies riding on a wave of convergence between collaboration and communication, according to META Group senior vice president and principal analyst Mike Grotta. These changes will affect small business and enterprise. "Right now, the primary method remains live meetings or using the phone with conferencing," Grotta said.
Arch Rivals Partner on Enterprise Messaging July 15, 2004
Yahoo Vice President of communication products Brad Garlinghouse said the move would open Yahoo's Messenger network to the enterprise IM community in a more secure, convenient and seamless manner. "By working strategically with leaders in the enterprise IM environment.
Related News Alerts
More by Susan B. Shor
Salesnet President Jonathan Tang Ready to Take On Salesforce.com February 07, 2006
"We think it's Salesnet's time now. We've been around since the beginning, we've been lying low, but you're going to start to see more of us. We've done it through organic growth and happy customers. We continue to focus on customers."
Comcast Follows Time Warner in Offering 'Family' Programming Tier December 23, 2005
"The demand for this type of tier is coming from the FCC and Christian conservatives. It has nothing to do with legitimate consumer demand," Todd Chanko, senior analyst at Jupiter Media, told the E-Commerce Times.
High-Risk Flaw Found in Symantec's Software December 22, 2005
"Part of the significance of this vulnerability announcement is that your machine can be exploited without you needing to do anything at all. You don't even have to open an e-mail or attachment, and this happens with the default configuration of the product," said Forrester Research senior analyst Michael Gavin.
Headline Feeds
Talkback: 
