Businesses have been warned to prepare for an onslaught of malicious worm attacks through corporate instant messaging systems.
There were more than 2,400 new unique threats via instant messaging in 2005 and the total number could double by next year, research based on an analysis of 600 companies by Postini has revealed.
At the same time, the sophistication of the attacks is increasing, with a growing number of worms carrying payloads that log keystrokes, launch spam or install as rootkits to avoid detection.
"Over the course of the year  there was a 17-fold increase in new threats being written," said Andrew Lochart, director at Postini, which processes more than one billion instant messages a day for 35,000 businesses worldwide.
The number of instant messaging worms using mutation technology to evade anti-virus soft- ware increased dramatically in 2005, putting businesses with anti-virus software covering their instant messaging gateways at risk.
These worms mutate, allowing them to spread before anti-virus suppliers are able to update their signatures. The Kelvir worm, for example, which mutated 140 times last year, forced a temporary shutdown of the Reuters Messaging network.
Although technology is available to protect businesses against instant messaging worms and other types of virus, it has not been widely adopted.
"The market penetration of these solutions is about where anti-spam was five or six years ago. But we predict a large number of companies will take it seriously in 2006," Lochart said.
Dave Roberts, chief executive of user group The Corporate IT Forum, said businesses would need to run awareness campaigns to alert staff to the risks.
"Very experimental, extremely clever people are exploiting loopholes just because they can. The challenge is having awareness campaigns and policies that keep staff alert. Attacks of all sorts are going to increase to limits that we cannot even conceive of," he said.