Threat Alert: Instant Messaging Attacks

By now you know to be leery of e-mail attachments, even when they seem to come from a friend or colleague. These days, however, you also have to be careful of IM attachments and links--because the virus writers are already there, too.

"We've done a much better job of locking down e-mail," says Francis Costello, chief technical officer at San Diego-based Akonix, which helps clients secure instant messaging and peer-to-peer software. "People are turning to instant messaging as the new attack vector."

In the first quarter of this year, Costello says, Akonix saw more than double the 17 IM threats it found in all of 2004. And in the second quarter, there were four times as many threats as in the first quarter.

IM worms hijack IM clients by first reading a user's buddy list of contacts. Then the worm sends a message along the lines of "hehe :) i found this funny movie" to the people on that list, with a link that downloads the worm. Or the message might be "hey, check out this picture" and have the worm attached.

Some hybrid worms split the attack by going after instant messaging and peer-to-peer networks at the same time. One version of the Bropia worm sends out instant messages and drops itself into the shared directory of popular P-to-P apps.

Another worm, Win32.VB, can also spread itself via IM and P-to-P, but adds a new twist. It forces its host to open up to the Internet and help spread the worm; when the worm sends out an instant message with a link, the link goes to the computer hosting the worm.

Although some IM attacks are becoming more innovative, most worms of this type are "kind of crude to date," Costello says, "but crude is working very effectively. Unfortunately, the one thing I've learned in this business is that [virus writers] will innovate."

Protect Yourself

Enable real-time virus protection: Antivirus programs include protections against any IM worm attachments that sneak by you.

Be wary of any message: Take special care if it comes by itself with a link or an attachment, even if it looks to be from someone on your buddy list. Before clicking, ask your friend if they sent it. No response, no click.

Filter IM traffic: Companies should consider updating their networks to separate their internal IM traffic from Internet-based IM traffic, or preventing all Internet-bound messaging.
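An added example, not part of the original article or any vendor's product: one way a gateway that filters IM traffic could flag the worm behavior described above, where a single account sends the same link to several buddies within seconds. The log format, function names, and thresholds are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+", re.I)

# Constructed sample log, one message per line: "<epoch> <sender> <recipient> <text>"
SAMPLE_LOG = [
    "1000 alice bob hehe :) i found this funny movie http://192.0.2.15/movie",
    "1002 alice carol hehe :) i found this funny movie http://192.0.2.15/movie",
    "1003 alice dave hehe :) i found this funny movie http://192.0.2.15/movie",
    "1500 bob alice did you send that? agenda is at http://intranet.example/agenda",
    "5000 carol bob lunch? http://menus.example/today",
    "9000 carol dave lunch? http://menus.example/today",
    "20000 carol erin lunch? http://menus.example/today",
]

def link_is_bare_ip(url):
    """True when the link points at a raw IP address rather than a host name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def find_fanout(lines, min_recipients=3, window=60):
    """Flag senders who push one link to min_recipients contacts within window seconds."""
    seen = defaultdict(list)  # (sender, url) -> [(timestamp, recipient), ...]
    for line in lines:
        ts, sender, recipient, text = line.split(" ", 3)
        for url in URL_RE.findall(text):
            seen[(sender, url.rstrip(".,)"))].append((int(ts), recipient))
    alerts = []
    for (sender, url), hits in seen.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            recipients = {r for _, r in hits[start:end + 1]}
            if len(recipients) >= min_recipients:
                alerts.append({"sender": sender, "url": url, "bare_ip": link_is_bare_ip(url),
                               "recipients": sorted(recipients)})
                break
    return alerts

print(find_fanout(SAMPLE_LOG))
```

The `bare_ip` field marks links that point at a raw address, which is how a link to an infected host's own computer might appear; that reading is an assumption, not something the article states.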
