Evolved worms target instant messaging networks

The fact that a compatible client is all that's needed for an IM session means new prominence for IM as a target of attacks.

'Scamming for information is as old as gossip,' explains Justin Doo, regional director, Middle East and North Africa. 'Now it is technology that defines how it is done. These days, phishing for credit card details or log-in access has moved from the most common technologies - such as e-mail and Web pages - to Instant Messaging.'

The first noted IM worm, WORM_CHOKE.A, automatically sent itself as an attachment to whoever initiated a chat session with an infected user. Recent Trend Micro research shows that there are now between 90 and 100 different malware variants that spread via IM.

The most common means of IM propagation are via file attachments, or via a hyperlink to a download site where malicious code is stored. The downloaded code could be a worm, a keystroke logger, adware, or spyware. IM can open the door to phishing, browser hijacking, as well as Denial of Service attacks. With Instant Messaging becoming more prevalent as individuals, employees, and e-businesses all use IM to communicate, the list of possible IM threat victims is also growing.

Many worms, such as variants of WORM_KELVIR, WORM_AGOBOT, and WORM_BROPIA can also spread via IM, in addition to being propagated via attachments to e-mail messages. As is the case for mixed malware threats, these worms can optionally make use of a number of unpatched vulnerabilities, since exploit code is readily available to malware authors on the Internet. Given that scenario, IM threats are likely to increase.

'The yearly roundups and forecasts show that interest in IM was previously tentative because of its limited capability. Now that IM has richer features, and given the trend of malware today, IM attacks will be here to stay, and will grow until specific security measures are implemented both technology-wise and by users,'

says Doo.

Attacks will also increase in sophistication. IM malicious code could make itself harder to detect by mutating several of the elements that security systems use to identify it.

'Because we live in a world where information is key, and because IM is quicker in message delivery than e-mail, the growing popularity of online chat communities and discussion groups exposes users to an ever-growing number of possible contacts. To protect yourself, make sure you use powerful anti-virus and anti-spyware products, and keep them up-to-date with the latest pattern files. Additionally, do not click on suspicious links or download dubious files,' adds Doo.