IM and P2P threats increase

By Derek Sooman on January 9, 2006, 8:01 PM
Security threats via IM and P2P seem to be the new thing to worry about. During last year, threats to said networks increased by more than twenty-fold. There is in fact a 2,200 percent increase over 2004, according to a study by security firm FaceTime Communications.

The research indicated that quarter-on-quarter increase in security incidents is occurring at a 90 per cent compound annual growth rate. The MSN network was found to have experienced the largest number of incidents in both 2004 and 2005. For 2005, 57 percent of IM incidents targeted MSN, 37 percent targeted AOL, and 6 percent targeted Yahoo!. Year-on-year growth rates were largest on the AOL network with a 1,300 percent increase of security incidents.
2005 has been witness to a dramatic change in hacker attacks across multiple networks, as compared to the previous year, where security incidents primarily spread via one network only.




User Comments: 26

Got something to say? Post a comment
DragonMaster said:
What kind of thing are they doing? My IM accounts are often logged but almost never used(If not only once). Am I exposed to any risks?
spike said:
Just the usual - only more of it.Don't open anything you don't recognise as safe and you should be fine.
exscind said:
There are some attacks which are not initiated by users, so some cannot be excused and protected by having 3rd grade knowledge (you know, don't open unknown/strange files and attachments). But some attacks are so blatantly obvious it is amazing how people still got infected. And really, it is hard to pity those people who opens "freeXXX.exe" or "this_is_a_virus_do_not_open.exe," even if the offer is from a friend who was unknowningly affected by the attack.
blue_dragon said:
yea never run unknown .exe files XD
spike said:
I've never heared of an attack on the MSN IM network that requires no user interaction. FYI, I wasn't referring to files and attach,ents. I was referring to ANYTHING unknown/unrecognised.Howerver, even if such attacks do exist, this "third grade knowledge" as you put it prooves to be the most commonly applicable advice, and furthermore, often the most ignored.Considering such advice is rated by you as "third grade", you don't seem to have given much advice of your own.
Kaleid said:
Off topic but I thought it was worth posting:"Create an e-annoyance, go to jail":[url]http://news.com.com/Create+an+e-annoyance%2C+go+t
+jail/2010-1028_3-6022491.html?part=rss&tag=6022491&subj=n
ws[/url]
otmakus said:
I'm sure if there is a security hole in one of big Messenger services like MSN, Yahoo, or AOL, the hole will be patched immediately before any major damage is done. But there are a lot of way to do damage even without security flaws.In average, people use messengers a lot more than they use emails. And a lot of people still think that messenger is safer than emails. That would make messengers perfect targets, especially for phishing, giving links to malicious website, etc.There are security softwares that can monitor messenger sessions for harmful links, but the ultimate life saver is common sense. Never open any files and links from anyone before confirming it first to the sender.
PUTALE said:
i hope that the antivirus software makers, such as norton will realize this and acting now making thier software more secure. Also, i hope that vista will also taken the consideration with their security against these threats.
asphix said:
I guess its a good thing I've stopped using IMs for the most part.I think the reason these are targeted is because 90% of the people who dont know better on the net use IM's. 90% of the people who are on the net, and don't know practically anything about computers or smart computer useage use IMs frequently.A lot of people I know who frequently are found on IM's will click links from people without even reading what url the link is pointing to or if it makes any sense. That and the fact that these programs are designed for communication it makes sense.
nathanskywalker said:
well this really is not to surprising, really, if you know what you are doing, IM attacks are quite simple. That is, if you know how to use someones, IP against them...using and IM to get the IP is quite simple...
flavin said:
i know for a fact that AIM has messed up my computer. i dont use it cause i prefer to talk with my friends in person but my little sister uses it all the time. and i delete it but she just downloads it again. and every time things just get worse and she wont listen. i guess i just gotta wait 2 months or so till i can get my own computer that can hopefully stay virus free
exscind said:
[b]Originally posted by spike:[/b][quote]I've never heared of an attack on the MSN IM network that requires no user interaction. FYI, I wasn't referring to files and attach,ents. I was referring to ANYTHING unknown/unrecognised.Howerver, even if such attacks do exist, this "third grade knowledge" as you put it prooves to be the most commonly applicable advice, and furthermore, often the most ignored.Considering such advice is rated by you as "third grade", you don't seem to have given much advice of your own.[/quote]I think you're trying to argue with me, I can't tell for sure. If you are, I don't see why; my post was in total agreement with yours :). By not touching anything unknown, a normal person will be fine. I just merely added the part that sometimes there will be attacks which is not initiated by the user, albeit not nearly as often as opening anything unknown/unrecognized. And when that happens, there's little that can be done (besides a firewall for added security I suppose). But really, we're on the same side. I do think the "3rd grade knowledge," which I have somehow coined, is the most applicable and useful advice.As for advice, there really aren't many. The "3rd grade knowledge" should cover most of the attacks. Then slap on a firewall doesn't hurt either. Again, my previous comment wasn't jaded nor was it meant to criticize you, spike (I didn't even see your comment when I posted). We're arguing about the same thing :)
Mictlantecuhtli said:
[b]Originally posted by Kaleid:[/b][quote]Off topic but I thought it was worth posting:"Create an e-annoyance, go to jail":[url]http://news.com.com/Create+an+e-annoyance%2C+go+t
+jail/2010-1028_3-6022491.html?part=rss&tag=6022491&subj=n
ws[/url][/quote]That could apply for US citizens posting on TechSpot too.
Vaerilis said:
The results of the study are not suprising to me, since most people who use IM applications use the most obvious choices (not applications like Trillian or Gaim, but the standard AIM client, or the basic MSN one), and believe that most people messaginging them do so with good intentions. I don't blame them, but this would be a better world if the IM applications were made more foolproof. After all, most IM-ers are not computer savvy geeks like us :).On the other hand, I fail to see the increase in P2P threats. Don't download fishy stuff and you will be fine. P2P-ers should be more aware of the risks of careless downloading than some of them are. I've never had any problems, so it's hard for me to understand what drives people to open bogus-looking, infected files without scanning them first.
spike said:
[quote]I think you're trying to argue with me, I can't tell for sure. If you are, I don't see why; my post was in total agreement with yours.[/quote]No - just a misunderstanding :) My sincere apologies.
mastronaut said:
As if I need another reason to quit using the internet! The more I read the more jaded I become about the world wide net. I wish I could let my kids use this tool as an educational portal, but I have to worry about them haphazardly stumbling into porn just doing a google search! Now I have to keep them from using IMs too? This is nuts!I know kids should be monitored while on the computer blah, blah, my best monitor is just hand em a library card with no internet access and a pen and paper to 'message' their friends. No really, how can technology so promising turn into such a nightmare? Is there any hope for humanity?
dragonpac said:
its the RIAA, they can't sue fast enough so they infect your system
Cartz said:
Well mastronaut, I seriously doubt that you need to worry about your kids stumbling into porn on google. I use it multiple times a day, every day, for the last year and a half, I have never seen one porn related result. Unless they're looking for it, they're not going to find it.As for the IM viruses, you could take 15 minutes, sit them down and explain to them the basics of what bad people on the internet do, and how they do it. It's not hard to teach your child not to take gifts from strangers, it shouldn't be very hard to tell them to not download something, no matter who its from, without asking you first.This technology is far from a 'nightmare' as you so dramatically put it. The educational power of something like Google far outweighs the few risks involved with its use.P.S. Don't take this as a critcism in anyway, I honestly wish the world had more parents as concerned about their childs well-being as you obviously are. Kudos to you for that.
mentaljedi said:
I'm blinking a lot right now. I mean, this isn't new news, but i think the 2,200% increase is a bit huge. I was perhaps expecting 3-5 timse not 20!
PanicX said:
Gotta love how researchers use percentages to make their studies seem more significant. The entire article fails to note any point of valid statistics. Whats 2200%? Oh, you mean there were 22 more attacks this year? WOW SCARY!!Ok, I'm being facetious, but how can I be sure there's a dramatic threat out there? I'm more concerned with actual numbers of attacks and numbers of infections. Percentages to me are just a way to hide any real research with flashy pizazz.
Vaerilis said:
[b]Originally posted by PanicX:[/b][quote]Gotta love how researchers use percentages to make their studies seem more significant. The entire article fails to note any point of valid statistics. Whats 2200%? Oh, you mean there were 22 more attacks this year? WOW SCARY!!Ok, I'm being facetious, but how can I be sure there's a dramatic threat out there? I'm more concerned with actual numbers of attacks and numbers of infections. Percentages to me are just a way to hide any real research with flashy pizazz.[/quote]Statistics pulled out of the back drawer are a vital element in an article when the journalist can't find enough filler material to complete the article.Since no one knows for sure how many attacks were committed over IM apps, botnets, random hackers, or trojans downloaded via P2P (or by using bogus, trojan-fillled applications), some part of those statistics must be made up or at least inaccurate. Of course, they could have asked a number of people about their experiences, but that isn't exactly an accurate nd objective method to get information.Quote from the article:"According to the study by FaceTime Communications, incident frequency appears to be accelerating with almost 800 incidents recorded in the fourth quarter of 2005, compared with 59 in the first quarter of 2005."800? The scale of that survey is way too small!
Cartz said:
[b]Originally posted by Vaerilis:[/b][quote]Statistics pulled out of the back drawer are a vital element in an article when the journalist can't find enough filler material to complete the article.Since no one knows for sure how many attacks were committed over IM apps, botnets, random hackers, or trojans downloaded via P2P (or by using bogus, trojan-fillled applications), some part of those statistics must be made up or at least inaccurate. Of course, they could have asked a number of people about their experiences, but that isn't exactly an accurate nd objective method to get information.Quote from the article:"According to the study by FaceTime Communications, incident frequency appears to be accelerating with almost 800 incidents recorded in the fourth quarter of 2005, compared with 59 in the first quarter of 2005."800? The scale of that survey is way too small![/quote]Perhaps the scale is a little small, but it serves its purpose in highlighting that threats are more prevelant now then they were on P2P and IM networks.I know for a fact that in '05 I recieved at least 5 or 6 links to questionable sites from friends on my MSN list. None of them were sent by my actual friends, and they later found viruses and serious spyware infections on their systems. Luckily I only use MSN on my blackberry, and therefore am immune to those MSN attacks. :)My home PC definately got a virus, from a torrent that was distributing a piece of software that was linked from sourceforge. I nabbed it before it actually got into my system, but it served as a lesson to me that viruses can come from pretty much anywhere, even open source sites that are reputable. The article only serves to warn us that these threats are more prevelant then they once were. Would the gain in validity the article achieved from having meticulously researched facts and statistics really be worth it? No, it makes it's point just fine with the narrow sample it's employed.
Vaerilis said:
Pointing out the obvious facts is something everyone can do, but when referring to a study, throwing random numbers around will just diminish credibiliy. Surely, the internet requires us to be more careful, but talking about global tendencies based on several hundred cases is foolish. The number of attacks is on a different scale. Millions (probably even more) of trojans and other malicious programs and scripts attack users every year. 800 examples by no means enough to give even a vaguely accurate picture.
xerowingsx5k said:
Well I would suggest using 3rd party IM programs like GAIM or Trillian, both can use MSN, AIM, Yahoo!, MIRC, etc. I've found these programs far safer than the clients provided by Microsoft, AOL, and Yahoo! . I'm sure companies are working hard to keep their chat clients safe but it's also up to users to stay vigilant.
iluvnug said:
Zonealarm security suite protects my IM. Gotta be safe.
enasni said:
So why wasn't Yahoo attacked with more force?They provide a huge amount of service to many people.Is it possible that Yahoo contains a better defense against these attacks. Why aren't these other companies asking any questions like these direct to Yahoo?
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.