Instant messaging targeted for malicious worm attack

Wednesday 01 February 2006 11:36

Businesses have been warned to prepare themselves for an onslaught of malicious worm attacks through corporate instant messaging systems.

The number of new attacks released on to instant messaging, rose 17 fold in 2005 and could double again by next year, predicts research based on an analysis of 600 companies.

At the same time, the sophistication of the attacks is increasing, with a growing number of worms carrying payloads which log key strokes, launch spam, or install as root kits to avoid detection.

Andrew Lochart, director at Postini which conducted the research, said, “In January we observed 25 unique worms and viruses for instant messaging. By December we were seeing 300 new threats. Over the course of the year there was a 17-times increase in new threats being written.”

The number of instant messaging worms using mutation technology to evade anti-virus software increased dramatically during 2005, placing companies with anti-virus software covering their instant messaging gateways at risk.

These worms mutate, allowing them to spread before anti-virus suppliers are able to update their signatures. The Kelvir worm for example, which mutated 140 times, last year forced a temporary shutdown of the Reuters Messaging network.

Postini predicts that, although only a small percentage of instant messaging worms carried malicious payloads last year, this will increase in 2006.

“Phishing attempts, key stroke loggers, ID theft and fraud will be where the action is in instant messaging. Users are not aware they are at risk. If they see an instant message from someone on their buddy list, they assume it is them. They don’t realise that it could be a virus,” said Lochart.

Although technology is available to protect businesses against instant messaging worms, it has yet to be taken up widely.

“The market penetration of these solutions is about where anti-spam was five or six years ago. But we predict a large number of companies will take it seriously in 2006,” he said.

Dave Roberts, chief executive of the Corproate IT Forum, said that businesses would need to run awareness campaigns to alert staff to the risks.

“Very experimental extremely clever people are exploiting loopholes just because they can. The challenge is having awareness campaigns and policies that keep people alert. Attacks of all sorts are going to increase to limits that we can’t even conceive of,” he said.

Postini predicts it is only a matter of time before worms are developed capable of crossing multiple instant messaging networks

Last year, 60% of the reported incidents in 2005, affected the MSN Network, 34% AOL and ICQ, and 9% the Yahoo network.

The research shows that regulation and governance requirements are driving more companies to encrypt their e-mails, using the internet Transport Layer Security standard, which saw a 10% rise in use in 2005.

“There are regulations having to do with privacy of customers data [driving this]. In some cases it is simply good business practice that keeps your sensitive business information secure. Eventually we will reach a point when virtually all e-mail is encrypted," said Roberts.

Court cases

A series of high profile court cases, which have led to large firms being fined for failing to retrieve electronic documents needed in court actions, is prompting more firms to invest in archiving systems , according to Postini.

“Destroying documents is folly. Someone else will always have a copy. If you keep a copy for yourself you have the entire context. An e-mail that appears to be a smoking gun, could in context be innocent,” Andrew Lochart, director at Postini said.

Other findings