IM Becoming More Popular Malware Target, Study Finds

As the use of instant messaging for business and consumer purposes grows, so does the allure of writing malware targeting IM. A study released yesterday by IMlogic, which sells IM security products, reported that the number of attacks on IM systems jumped dramatically during the second quarter.

The IMlogic Threat Center study found that more than 70 percent of reported malware attacks were aimed at free messaging services such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger; 30 percent targeted enterprise IM.

Threat Will Worsen

IM analysts agree that malware is becoming a greater problem and will continue to do so.

“The level of threat is nowhere as great as its going to be in the future,” David Ferris, president, Ferris Research, which focuses on messaging and collaborative software, told TechNewsWorld.

“There has been in the past year, a noticeable increase in viruses, especially America Online’s AIM client. They’re No. 1 in terms of user base, so they’re the primary target,” said Su Li Walker, analyst, Yankee Group. “On enterprise side, IM clients are outside the boundary of enterprise protection. You’re subject to an increase in the possibility of attack.”

Many attacks rely on social engineering, which creates a double-edged sword for IM.

“One interesting thing on the consumer side is that IM clients are about building social networks,” Walker said. “You can build a list exclusively and say I only want to talk to these people [to avoid the potential for malware], but I’m out there because I want to build a social network.”

Tricky Bugs

IM malware can be difficult to prevent and remove, IMlogic said. “IM worms infect organizations rapidly and transparently, spreading to a large percentage of vulnerable users in less than one hour. IM worms capitalize on real-time protocols which make detection, quarantine and response a challenge for corporate environments,” the report stated.

Walker, who focuses on consumer IM, said she had been the victim of IM malware.

“The way they’re crafted they’re difficult to get rid of,” she said.

“Organizations should be coming up with a strategy and defenses now,” Ferris said. “They need multi-level antivirus control, firewall control and they should team up with value-added vendors to provide greater security on IM.”

Antivirus vendors Symantec, Sybari, and McAfee, and America Online, Microsoft and Yahoo all support the IMlogic Threat Center.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels