IM Botnet Infects Thousands

botnet

"It's another sign that companies need to take steps to protect themselves from infections," said Don Montgomery, vice president of marketing of San Diego-based Akonix Systems. "Corporations have a responsibility to not be propagating these threats."

The malware, first detected by security company Aladdin, came in the form of files that emulated pictures sent from seemingly known users. The files entered new systems by using contacts that the Trojan gleaned from IM "buddy lists," as well as from the systems of other unknown users. Less than three hours after the malware's launch, the number of infected PCs was estimated to be in the thousands, and growing by the hundreds every hour.

A Microsoft spokesperson confirmed via e-mail that the company was aware of the attack, and said that it would continue to monitor the situation in addition to taking necessary action to protect its customers.

Montgomery said that the bot would almost definitely be used as a vehicle for malicious intent or some kind of cyber crime. The bot, computer programs that give cyber crooks complete access to PCs, will subsequently infect numerous other PCs and continue to deliver Trojans to unprotected desktops until reaching critical mass. The hacker, or operator, could start to deliver code that would access user names, credit card numbers or other private information.

"The link between the ability to use IM to build a botnet and use the bot to steal financial data is the worse case scenario," said Montgomery. "There is very little reason to build a botnet other than the purpose of taking something."

Cyber criminals and malware authors are increasingly using IM as a vehicle to build botnets in order to exploit vulnerabilities and access personal information such as credit card numbers, Montgomery said.

After-the-fact protection might be limited. While new antivirus scanners could be developed in response to the recent IM bot, it will likely be installed too late to prevent any significant damage if the malware infects PCs that are not equipped with IM security systems. Montgomery said that about 70 to 75 percent of businesses don't have adequate IM security protection in place. "It's sort of like buying a smoke detector after you've had the fire," said Montgomery.

In an e-mail, Microsoft encouraged customers who believe they have been attacked to contact their local FBI office or report their situation on www.ic3.gov.

This is the second known incident in less than two weeks that malware has been transmitted via Instant Messenger. A Los Angeles man agreed to plead guilty Nov. 9 to four felony counts after he and others developed a malicious code distributed primarily via AOL's IM, which was used to retrieve personal information in numerous identity theft schemes. John Schiefer, 26, used the malware to intercept the electronic communications from zombie computers in order to hijack Paypal accounts, as well as other Websites.