3/8/2005
01:27 PM

IM Threats Growing 50% Per Month

A threat center devoted to instant-messaging hacks put numbers to what IM users already know: IM threats are on the upswing.

As three more worms targeted Microsoft's MSN Messenger Tuesday, a threat center devoted to instant messaging hacks released detailed statistics that put numbers to what IM users already know: instant message threats are on the upswing.

According to the IMlogic Threat Center, a coordinated effort by several vendors, including IMlogic, McAfee, Symantec, and Sybari Software, IM and P2P exploits have exploded in 2005, and have grown 50 percent each month thus far.

"IM viruses and worms are growing exponentially," said IMlogic chief technology officer Jon Sakoda, in a statement.

The threat center has warned of more than 30 widespread incidents of IM or P2P viruses, worms, or other malicious code thus far in 2005, said Sakoda, with the bulk--81 percent--of them aimed at instant messengers.

Seven out of ten attacks put MSN Messenger, Windows Messenger, and the MSN IM network in the crosshairs, reported the center, while Yahoo and AOL have been the target of just 18 and 12 percent of the attacks, respectively.

The disparity between MSN Messenger and other instant messaging clients continued to grow Tuesday, as three more anti-MSN Messenger worms appeared.

Two new variants of Kelvir and one of Sumon (also called Serflog by some anti-virus vendors, and even Fatso by others) have debuted since Monday's news of a wave of IM worms hitting Microsoft's client and public IM network.

Like earlier iterations, Kelvir.c and Kelvir.d entice MSN Messenger users to click on a link, which in turn takes them to a malicious site where the code--a version of the Spybot worm--is downloaded to their system, opening it up for attack or hijacking by spammers.

Kelvir.c uses the phrase "hot pic!!" along with a link, while Kelvir.d uses "haha look at us" as its come-on. Kelvir spreads by sending itself to everyone on the compromised MSN Messenger's contact list.

Sumon.b, very similar to its predecessor, Sumon, propagates over the eMule peer-to-peer file-sharing network as well as MSN Messenger, disables a long list of security software, and tries to overwrite the HOSTS file so commonly accessed security Web sites can't be reached. Its hallmarks are IMs reading "My new photo!" and "The Cat And The Fan," along with malicious links that download the worm.
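
An added example, not part of the original article or any vendor's tooling: a defender-side check for the HOSTS tampering described above, flagging entries that pin security-site hostnames to an address. The watchlist domains are placeholders (the article does not name the blocked sites) and the sample file is constructed.

```python
import ipaddress

# Assumed watchlist; placeholder domains, not taken from the article.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample HOSTS content for demonstration only.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example download.av-vendor.example  # injected
0.0.0.0         liveupdate.updates.example
192.0.2.10      intranet.corp.example
203.0.113.7     www.av-vendor.example.evil.example
not-an-ip       www.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address, no mapping
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """Match the domain itself or a true subdomain, not a look-alike suffix."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)

def suspicious_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, reason) for watched names found in HOSTS."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name, suffixes):
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other pin redirects it.
        reason = "sinkholed" if ip.is_loopback or ip.is_unspecified else "pinned"
        findings.append((line_no, name, str(ip), reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```
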

Also on the IM worm front, Finnish security firm F-Secure reported Tuesday that its analysis of Sumon.a showed an embedded message to the author of the Assiral worm, a mass-mailed worm from late last month that, among other things, tried to kill copies of the IM-oriented Bropia worm it found.

"The message is quite rude and blasts Assiral's author for trying to eliminate Bropia worm infection by creating a new worm," said F-Secure's warning of Sumon on its security team's blog. "I really hope we're not going to see another War of the Worms like the Bagle-Netsky-MyDoom war last year," added the analyst, Mikko Hypponen, the manager of the company's anti-virus research efforts, in the blog.

In early 2004, a tit-for-tat battle raged among the authors of the Bagle, Netsky, and MyDoom worms, with each new version trying to eradicate rivals. The war, which was waged for several weeks, was one reason why the first three months of last year were among the most virus-plagued ever, most security firms have said.
