Researchers Chart Sizable IM Threat Growth

New research indicates that hackers are increasingly turning their efforts toward IM-borne attacks, with experts saying that businesses and end users remain largely ignorant to the growing problem.

According to the latest report from anti-malware applications vendor Postini, the sheer volume of instant messaging threats it tracked during April 2006 increased by nearly 25 percent, compared with the number of similar threats it detected during March. While the percentage of IM traffic that included viruses remains relatively low, at less than 1 percent of all the IM conversations monitored by Postini during April, the shift toward IM threats appears to be gaining momentum, company officials said.

As evidence of the increasing sophistication of IM attacks, Postini said it discovered a variant of the Mytob virus, which previously had been seen only in e-mails, that was leveled at all major IM and enterprise messaging clients. Among the Trojan horse viruses that are being delivered via IM were the IMFlood and JahuKit attacks, while related worm viruses included the Appflet, YahooSpy, Mpass and MSNFake threats.

Researchers say automated IM worms are inevitable. Click here to read more.

“Unfortunately the hackers are out in front of the good guys in terms of recognizing that IM is a very palatable way to attack desktops,” said Andrew Lochart, senior director of marketing for Postini. “Since the hackers have perfected their craft in e-mail, in terms of what the payload does when it gets to a victim’s computer, we’re seeing every variation of virus being delivered over IM, from rootkits to keystroke loggers and worms.”

Postini maintains that security threats aimed at IM systems, file-sharing tools and other real-time communication technologies increased by just under 1,700 percent in 2005, compared with 2004, with a total of over 2,400 unique attacks. The firm said that 90 percent of the of IM-related security attacks it observed during 2005 included worm propagation, while 9 percent delivered viruses and only 1 percent of the threats utilized known client vulnerabilities or exploits.

Read the full story on eWEEK.com: Researchers Chart Sizable IM Threat Growth