IM Threats Growing 50% Per Month - InformationWeek
IoT
IoT
News
News
3/8/2005
01:27 PM
50%
50%

IM Threats Growing 50% Per Month

A threat center devoted to instant-messaging hacks put numbers to what IM users already know: IM threats are on the upswing.

As three more worms targeted Microsoft's MSN Messenger Tuesday, a threat center devoted to instant messaging hacks released detailed statistics that put numbers to what IM users already know: instant message threats are on the upswing.

According to the IMlogic Threat Center, a coordinated effort by several vendors, including IMlogic, McAfee, Symantec, and Sybari Software, IM and P2P exploits have exploded in 2005, and have grown 50 percent each month thus far.

"IM viruses and worms are growing exponentially," said IMlogic chief technology officer Jon Sakoda, in a statement.

The threat center has warned of more than 30 widespread incidents of IM or P2P viruses, worms, or other malicious code thus far in 2005, said Sakoda, with the bulk--81 percent--of them aimed at instant messengers.

Seven out of ten attacks put MSN Messenger, Windows Messenger, and the MSN IM network in the crosshairs, reported the center, while Yahoo and AOL have been the target of just 18 and 12 percent of the attacks, respectively.

The disparity between MSN Messenger and other instant messaging clients continued to grow Tuesday, as three more anti-MSN Messenger worms appeared.

Two new variants for the Kelvir and one for Sumon (also called Serflog by some anti-virus vendors, and even Fatso by others) have debuted since Monday's news of a wave of IM worms hitting Microsoft's client and public IM network.

Like earlier iterations, Kelvir.c and Kelvir.d entice MSN Messenger users to click on a link, which in turn takes them to a malicious site where the code--a version of the Spybot worm--is downloaded to their system, opening it up for attack or hijacking by spammers.

Kelvir.c uses the phrase "hot pic!!" along with a link, while Kelvir.d uses "haha look at us" as its come-on. Kelvir spreads by sending itself to everyone on the compromised MSN Messenger's contact list.

Sumon.b, very similar to its predecessor, Sumon, propagates over the eMule peer-to-peer file-sharing network as well as MSN Messenger, disables a long list of security software, and tries to overwrite the HOSTS file so commonly accessed security Web sites can't be reached. Its hallmarks are IMs reading "My new photo!" and "The Cat And The Fan," along with malicious links that download the worm.

Also on the IM worm front, Finnish security firm F-Secure reported Tuesday that its analysis of Sumon.a showed an embedded message to the author of the Assiral worm, a mass-mailed worm from late last month that, among other things, tried to kill copies of the IM-oriented Bropia worm it found.

"The message is quite rude and blasts Assiral's author for trying to eliminate Bropia worm infection by creating a new worm," said F-Secure's warning of Sumon on its security team's blog. "I really hope we're not going to see another War of the Worms like the Bagle-Netsky-MyDoom war last year," added the analyst, Mikko Hypponen, the manager of the company's anti-virus research efforts, in the blog.

In early 2004, a tit-for-tat battle raged among the authors of the Bagle, Netsky, and MyDoom worms, with each new version trying to eradicate rivals. The war, which was waged for several weeks, was one reason why the first three months of last year were among the most virus-plagued ever, most security firms have said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Commentary
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Commentary
Getting DevOps Wrong: Top 5 Mistakes Organizations Make
Bill Kleyman, Writer/Blogger/Speaker,  11/2/2018
Commentary
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll