Instant Messaging is the new Malware battleground

By Derek Sooman on May 23, 2005, 1:08 PM
Not content with ruining e-mail for users, the blackhats have decided to attack IM as well. Last quarter, attacks against IM networks rose by 400 percent, and a new threat has emerged - the IM worm.

One such worm causing particular concern is Oscabot-F, which spreads by sending messages to AIM users, saying "lol have you seen this?" and offering a download link. Clicking on the link will download and install the Oscabot-F worm onto the victim's computer and send identical messages to all the victim's AIM buddies. This kind of threat is very difficult to deal with for a variety of reasons, but mainly because IM software is often configured to work on port 80, along with regular HTTP traffic. This means that firewalls will not commonly have blocks in place to stop IM worms. To stop this kind of threat, corporations need better security measures than are currently often in place.

The growing adoption of IM in the enterprise and the growing number of IM threats may pressure messaging security vendors to support IM security as well, said John Pescatore, an analyst at Gartner Inc., of Stamford, Conn.

Secure messaging gateways that consolidate SMTP traffic, Web-based e-mail traffic and IM, as well as firewall and intrusion prevention features, are the right medicine for evolving threats such as IM worms and viruses, he said.




User Comments: 3

Got something to say? Post a comment
smtkr said:
Awe, those poor kids are going to have to stop clicking every link in their freinds' profiles.
phantasm66 said:
This sort of thing has to be stopped. Its like there are people out there who have declared war on the Internet. Someone needs to stop all this, but its a huge task. Mostly, this kind of stuff springs out of nowhere and spreads all over the place before anyone even knows what has happened - including the security experts. Even more frightening is the prospect that one day (and, this day is coming) someone is going to design an adaptive superworm, that can adapt to patches by getting in contact with its creator and getting details on new exploits to use. Maybe there will be a worm that can read an exploit database, and adapt its attacks accordingly, and can source this database via P2P or something. Anyway, expect more malware sickness in the future, not less.
driverjosh said:
It seems that we are under attack at every angle. IM, Cell Phone, everyones fave spywars, worms... blah blah I could go forever. I find it funny that a kid that goes to my former high school, was arrested a week or so ago, for identity theft. this is the second time he was involved in such activity. The first time he was turned in by his own family... they brought him right to the police station...
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.