A few weeks back I told you about a “friend” of mine who got hit with an IM bug. It was quick, painful, and pretty much fit the definition of “as much fun as a sharp stick in the eye.”
Apparently my friend is not alone. The IMlogic Threat Center, a global consortium that provides threat detection and protection for IM and peer-to-peer (p-to-p) applications, recently issued its second quarter 2005 report on the rise of IM security threats.
Launched with the support of the Internet security vendors Symantec, Sybari Software, and McAfee and the IM providers America Online, Microsoft, and Yahoo, the IMlogic Threat Center is a knowledge base for known IM and p-to-p vulnerabilities and provides rapid response and guidance for protection against newly detected threats.
So how much have IM threats increased over the past year? How does 2,747 percent grab you? Love to see that number next to your 401K, I’d bet.
The report says there has been a “sharp” (there’s an underwhelming adjective) 2,747 percent increase in new IM threats — including viruses, worms, SPIM (spam over IM), malware, and phishing attacks — in second quarter 2005, compared with the same period a year ago. IMlogic also issued more than 15 priority alerts to enterprises and IMlogic Threat Center subscribers in second quarter 2005 in response to the increasing frequency of reported IM threats. Sounds like a busy quarter at the Threat Center.
More than 70 percent of externally reported incidents to the IMlogic Threat Center in second quarter 2005 were attributed to enterprises and small businesses utilizing popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger.
The report also makes note of several attack and vulnerability trends for IM/p-to-p:
IM worms mutate across network boundaries: Second quarter 2005 saw an increase in the number of IM worms that simultaneously propagated across both public and private IM networks, infecting organizations with both standardized IM clients as well as heterogeneous IM usage.
IM worms undermine end-user security through effective social engineering: IM threats utilize “social engineering” techniques to capitalize on successful infection vectors, using casual “chat” techniques, trusted “buddy lists,” and end-user vulnerabilities as targets. In other words, they know what you’re doing with your IM service.
IM worms infect transparently and are difficult to quarantine: IM worms infect organizations rapidly and transparently, spreading to a large percentage of vulnerable users in less than one hour. IM worms capitalize on real-time protocols which make detection, quarantine, and response a challenge for corporate environments. I think that speaks for itself. These are not slow-moving zombies; these are fast moving little buggers, like the monster in Alien.
IM threats hit critical growth levels: There was an exponential increase in the volume of reported incidents of IM and p-to-p threats in second quarter 2005, as hackers and virus writers zero in on these programs and their increasingly wide use. And, unfortunately, it’s likely these numbers will just keep growing.
With all this data now available on the threats to IM, it’s hardly surprising to see more companies offering additional security products to counter this trend. For instance, Trend Micro this week added new IM Security for Microsoft Office Live Communications Server and InterScan Messaging Security Suite. IM Security for Microsoft Office Live Communications Server is designed to prevent recent worms such as Bropia, Kelvir, and Fatso from using IM to propagate themselves.
Expect to see more: With a 2,747 percent year-over-year growth rate in IM threats, I’m sure security vendors see a huge opportunity.
The IMlogic Threat Center’s second quarter 2005 IM Security Threat Report is available on this site.