Research: IM Malware Attacks on the Rise

With 41 new attacks carried out during the month of December alone, 2006 proved to be a significant growth year for threats distributed over instant messaging systems.

According to a new research report produced by security software maker Akonix Systems, in San Diego, experts at the company unearthed some 406 new IM-borne threats over the last 12 months, compared with 347 attacks tracked by the company in 2005.

In 2004 the company’s security analysts discovered just under 50 attacks that were carried out either via IM or peer-to-peer technologies.

However, attacks delivered via P2P networks appear to be falling in popularity, as Akonix researchers recorded an 11 percent decrease in that type of threat during December 2006, with only 16 such attacks reported for the month. Akonix traditionally reports its research of IM and P2P threats simultaneously.

New IM worms arriving during December included the Blowhen and Skyper viruses, as well as Sohana, which was the most common attack seen by the researchers, with five variants, followed by Blowhen, with two.

Researchers said the distribution of IM threats has followed a similar path over the last three years, as the arrival of new attacks has slowed during summer months and then increased during the fourth quarter of the calendar year.

Don Montgomery, vice president of marketing at Akonix, said his company is unsure why attackers are apparently taking time off over the summer, but said the annual trend could be linked to student hackers coming back online for the fall semester after break.

The final three months of 2006 represented the heaviest volume of IM threats that the firm has ever seen.

“We don’t know why this is happening each fall because we don’t know who the sources are, but it’s definitely established a pattern,” Montgomery said. “In general we believe that there will be more threats arriving over IM in 2007 than we have ever seen before, and that they will also grow more complex and dangerous.”

While many IM attacks of years past have merely propagated themselves via IM users’ address books and caused little collateral damage, newer threats are seeking the same types of financial information as their e-mail counterparts, for the purpose of committing identity fraud. One of Akonix Systems’ predictions for 2007 is that IM attacks will increasingly be for purposes of cyber-crime.

As an example of the type of attack the company expects to encounter, Montgomery pointed to his company’s recent discovery of a virus delivered over IM that sought to steal passwords when users attempted to log on to the Web sites of well-known banks. Just as the criminal element has replaced so-called script kiddies in other virus arenas, organized groups seeking to turn a profit off of their work have become the norm in the world of IM security, he said.

Unlike e-mail threats, where virus payloads are typically hidden in the messages themselves, IM threats still rely largely upon Web site URLs to get code onto victims’ computers. An increasing number of the attacks are also using URLs designed to look like those of legitimate companies but that actually redirect users to virus sites, Akonix reported.

“Across the volume of attacks in 2006, most were still very simple nuisance code that only propagates itself, but we did see a growing number of sophisticated attacks that were multi-stage, such as worms that also pull down Trojan viruses to do other things,” Montgomery said. “We expect to see increases in both volume and sophistication of IM attacks during 2007.”
