Viruses Increasingly Infecting Enterprise Networks Via IM

"IM and P2P are growing in popularity as delivery mechanisms for viruses, spyware, Trojans and other blended threats," said Tim Johnson, product marketing manager at SurfControl, an IT security solutions developer based in Scotts Valley, Calif. "Securing the approved IM solution and blocking 'public' IM and P2P [peer-to-peer] protocols at the gateway is vitally important, but does not fully secure the network against threats borne through these vectors."

Studying the Systems

Research by SurfControl shows that many of the 2,200 IM and P2P applications the company has identified, like MSN, AOL, IRC, Gnutella or Limewire, do not use common public protocols. What's more, others stay entirely inside the network, like FlatLAN. "Viruses and spyware are easily spread on these black networks because the gateway never sees the traffic," said Johnson.

Additionally, the mere presence of an unapproved IM or P2P client on a PC workstation can disrupt operations, cause network problems or even crash computers -- even if their conversations are blocked at the gateway, experts said.

The best way to boost security, improve business continuity planning and ensure network integrity is to detect and prevent -- in real time -- the installation of those unapproved applications, experts said.

Johnson's firm has developed an "Enterprise Threat Shield" that augments gateway-based IM security tools, ensuring that only approved users are going to run the approved IM tool and only during approved hours. "If the 2,199 other IM and P2P tools cannot install or run on your network, they cannot be a threat," said Johnson. "This leaves administrators free to secure their approved IM tool while having the confidence that unauthorized traffic is not happening on the network."

Tracking Chats

Another approach is being pushed by Narus, an IP security and management company that is able to track in "real-time all IP data across a carrier's network," said Kara Yi, a spokeswoman for the company, whose customers include AT&T (NYSE: T) , T-Mobile and U.S. Cellular, amongst others.

That tracking, Yi said, means that the company can "reconstruct IM conversations, [and] can pinpoint the location of the IP address as well."

The company's solution sits in the core of the network, which gives them the capability to view a massive amount of incoming traffic and spot anomalies that can possibly be viruses. "This gives [Narus] a total network view, as opposed to the single-point solutions that others offer," said Yi.

Greynets a Problem

Another vendor, FaceTime Communications, based in Foster City, Calif., recently sponsored a survey that highlighted the growing end-user adoption rate of so-called "greynets," unsanctioned network applications that traverse the network on enterprise PCs.

"Instant Messaging applications are the most rapidly adopted 'greynets' on end-user systems," said Frank Cabri, vice president of marketing at FaceTime, a developer of anti-spyware solutions. "It's no surprise that the threats and vulnerabilities to IM security are growing just as fast -- from viruses and worms to identity fraud."

Further exacerbating the issue, the survey also shows that, overall, end-users believe they have the right to install greynet applications at the workplace. They also believe that their IT department has security issues associated with greynets under control, the survey said.

The concept of IM viruses is getting attention of many in the IT community today. A Gartner (NYSE: IT) analyst, John Girard, recently spoke on the topic of malicious threats coming from IM networks -- and infecting not just PCs, but mobile phones and PDAs , too. Enterprises must make themselves aware of these potential dangers, he said.