Hackers and cybercriminals have found a new playground: instant
The worms and viruses they traditionally have unleashed through e-mail now are wiggling their way into enterprises through unsuspecting IM users. The increasing rate at which attackers are using IM to do their dirty work is alarming, solution providers said.
Worms and viruses being spread through IM are problematic not only because they bypass traditional virus scans, but because using the real-time form of communication has become as ubiquitous as e-mail, said Lance Borell, director of marketing at network storage solution provider MTI Technology, Irvine, Calif.
>> In 2005, there were 2,403 unique IM and P2P threats.
>> Ninety percent of IM security threats in 2005 were propagated with worms.
>> Fifty-seven percent of reported incidents over IM networks targeted the MSN Messenger client, Windows Messenger Client and MSN Network.
Source: IMLogic Threat Center report
“Just look around our own offices—the IM window is up and running,” Borell said. “[IM is] quicker than e-mail, and it’s just the way business is getting done today.”
Making the problem even worse, IM applications from AOL, Yahoo and MSN are readily available for any employee to download and install for free, which means IT staffs may not be managing the use of those applications and making them secure, Borell said.
IM security vendor Akonix Systems tracked 62 IM-based attacks in November 2005, representing a 226 percent increase from the previous month. FaceTime Communications, which also provides software to secure and manage IM, reported an even bigger increase. FaceTime tracked 59 attacks spread through IM and peer-to-peer applications in the first quarter of 2005 and saw them increase in number by more than 1,200 percent to 778 by the fourth quarter.
One new worm sent through IM has already been identified this year. On Jan. 6, FaceTime reported the discovery of a worm that targets PCs infected with the lockx.exe or palsp.exe viruses and uses Internet Relay Chat-enabled malware to connect the host to a server for further infection through a series of commands.
While security solutions have been successful in stopping viruses and worms at the gateway, they can’t be applied to IM, which is one reason hackers have stepped up their use of IM as a delivery vehicle, said Frank Cabri, vice president of marketing at FaceTime, Foster City, Calif.
“Most of the gateway security products don’t have the capability to understand the IM protocol,” Cabri said.
Another reason there have been so many more attacks through IM is that most worms and viruses being sent out through e-mail have a component that will propagate them through IM as well, said Vincent Weafer, senior director of security response at Cupertino, Calif.-based security vendor Symantec.
Vendors that sell solutions to secure IM applications are expecting 2006 to be the year that companies will acknowledge the problem, said Don Montgomery, vice president of marketing at San Diego-based Akonix.
“There has been a dramatic increase in attacks, and new threats are increasing in complexity,” Montgomery said.
Symantec’s recent acquisition of IM security vendor IMlogic, Waltham, Mass., is an industry indicator of the importance of securing IM applications, Montgomery said.
The acquisition should draw attention to the IM security space and boost sales across the market, observers said.
“Symantec is the 800-pound gorilla in security, and they’re making it very clear that IM security is a serious business,” Borell said.
But solution providers said many customers have ignored the potential risks associated with IM applications, and it may take a major worm or virus before companies acknowledge the problem.
“If someone hasn’t felt the sting yet, there’s a hesitancy to spend money on it,” said Brian Moody, vice president of sales and business development at CMT, a San Jose, Calif.-based solution provider.
Other VARs agreed. Even though IT departments are becoming more aware of the risks associated with employees using IM applications, they still face political challenges as companies struggle over whether or not to allow the use of IM and how to manage it if they do, said Brian Haboush, vice president of business development for Intelligent Connections, a Royal Oak, Mich.-based security solution provider.
“IM has a valid business application, and we want to allow customers to use that tool while mitigating the risks associated with it,” Haboush said.
The good news for solution providers, he said, is that because IM is increasingly being used to send viruses and worms, they can expect to sell more solutions to deal with the problem.
“Right now it is one of the biggest drivers for enhanced end-point security products,” Haboush said.