RealTime IT News

Report: IM Threats All The Rage

The IMlogic Threat Center has reported a sharp increase in attacks affecting a popular means of communication, and it says the increase won't abate anytime soon.

In its Q1 2005 IM Security Threat Report, IMlogic found a 271 percent year-over-year increase in new threats on IM and P2P networks and applications, with 78 unique blended and specific attacks on each.

March had the most with 48 new threats, which is up dramatically from 19 in February and 11 in January.

Of the first-quarter IM threats, some 82 percent included worm propagation or a virus as part of its payload. The Kelvir, Bropia, and Sumom worms were reported by the IM Threat Center as the top three detected enterprise IM infections. Phishing attacks, like those recently reported on the Yahoo Messenger networks also appear to be on the rise.

Hijacking of IM file transfer functionality for malicious purposes was reported in 14 percent of the incidents. Only 11 percent of reported threats, however, made use of known exploits and/or IM/P2P client vulnerabilities. Those known vulnerabilities included buffer overflows or boundary condition errors that were exploited for malicious use.

The most targeted IM network over the course of the quarter was MSN Messenger, which racked up 75 percent of all reported IM threats. The Yahoo network came in second at 14 percent and AOL was third at 11 percent. The report did not mention or list the Jabber network.

IMlogic said it has recognized some trends about the IM threats. Targeted attacks on IM and P2P are increasing, and IM worms utilize social engineering, spread rapidly and are difficult to quarantine.

"The trends identified in our report will continue as IM becomes the new target for more sophisticated attacks aimed at disrupting Internet security," Jon Sakoda, IMlogic CTO and vice president of products, said in a statement. "The IMlogic Threat Center will continue to identify trends and key threats as they evolve to ensure that the millions of consumer and enterprise IM users are protected from these emerging real-time attacks."

The IMlogic Threat Center was established in December as a partnership involving McAfee, Sybari, AOL, Microsoft, Yahoo and IMlogic to help IM users protect themselves against malware threats.