As the use of instant messaging for business and consumer purposes grows, so does the allure of writing malware targeting IM. A study released yesterday by IMlogic, which sells IM security products, reported that the number of attacks on IM systems jumped dramatically during the second quarter.
The IMlogic Threat Center study found that more than 70 percent of reported malware attacks were aimed at free messaging services such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger; 30 percent targeted enterprise IM.
Threat Will Worsen
IM analysts agree that malware is becoming a greater problem and will continue to do so.
“The level of threat is nowhere as great as its going to be in the future,” David Ferris, president, Ferris Research, which focuses on messaging and collaborative software, told TechNewsWorld.
Many attacks rely on social engineering, which creates a double-edged sword for IM.
“One interesting thing on the consumer side is that IM clients are about building social networks,” Walker said. “You can build a list exclusively and say I only want to talk to these people [to avoid the potential for malware], but I’m out there because I want to build a social network.”
IM malware can be difficult to prevent and remove, IMlogic said. “IM worms infect organizations rapidly and transparently, spreading to a large percentage of vulnerable users in less than one hour. IM worms capitalize on real-time protocols which make detection, quarantine and response a challenge for corporate environments,” the report stated.
Walker, who focuses on consumer IM, said she had been the victim of IM malware.
“The way they’re crafted they’re difficult to get rid of,” she said.
“Organizations should be coming up with a strategy and defenses now,” Ferris said. “They need multi-level antivirus control, firewall control and they should team up with value-added vendors to provide greater security on IM.”
Antivirus vendors Symantec, Sybari, and McAfee, and America Online, Microsoft and Yahoo all support the IMlogic Threat Center.