IM Threats Growing 50% Per Month - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


IM Threats Growing 50% Per Month

A threat center devoted to instant-messaging hacks put numbers to what IM users already know: IM threats are on the upswing.

As three more worms targeted Microsoft's MSN Messenger Tuesday, a threat center devoted to instant messaging hacks released detailed statistics that put numbers to what IM users already know: instant message threats are on the upswing.

According to the IMlogic Threat Center, a coordinated effort by several vendors, including IMlogic, McAfee, Symantec, and Sybari Software, IM and P2P exploits have exploded in 2005, and have grown 50 percent each month thus far.

"IM viruses and worms are growing exponentially," said IMlogic chief technology officer Jon Sakoda, in a statement.

The threat center has warned of more than 30 widespread incidents of IM or P2P viruses, worms, or other malicious code thus far in 2005, said Sakoda, with the bulk--81 percent--of them aimed at instant messengers.

Seven out of ten attacks put MSN Messenger, Windows Messenger, and the MSN IM network in the crosshairs, reported the center, while Yahoo and AOL have been the target of just 18 and 12 percent of the attacks, respectively.

The disparity between MSN Messenger and other instant messaging clients continued to grow Tuesday, as three more anti-MSN Messenger worms appeared.

Two new variants for the Kelvir and one for Sumon (also called Serflog by some anti-virus vendors, and even Fatso by others) have debuted since Monday's news of a wave of IM worms hitting Microsoft's client and public IM network.

Like earlier iterations, Kelvir.c and Kelvir.d entice MSN Messenger users to click on a link, which in turn takes them to a malicious site where the code--a version of the Spybot worm--is downloaded to their system, opening it up for attack or hijacking by spammers.

Kelvir.c uses the phrase "hot pic!!" along with a link, while Kelvir.d uses "haha look at us" as its come-on. Kelvir spreads by sending itself to everyone on the compromised MSN Messenger's contact list.

Sumon.b, very similar to its predecessor, Sumon, propagates over the eMule peer-to-peer file-sharing network as well as MSN Messenger, disables a long list of security software, and tries to overwrite the HOSTS file so commonly accessed security Web sites can't be reached. Its hallmarks are IMs reading "My new photo!" and "The Cat And The Fan," along with malicious links that download the worm.

Also on the IM worm front, Finnish security firm F-Secure reported Tuesday that its analysis of Sumon.a showed an embedded message to the author of the Assiral worm, a mass-mailed worm from late last month that, among other things, tried to kill copies of the IM-oriented Bropia worm it found.

"The message is quite rude and blasts Assiral's author for trying to eliminate Bropia worm infection by creating a new worm," said F-Secure's warning of Sumon on its security team's blog. "I really hope we're not going to see another War of the Worms like the Bagle-Netsky-MyDoom war last year," added the analyst, Mikko Hypponen, the manager of the company's anti-virus research efforts, in the blog.

In early 2004, a tit-for-tat battle raged among the authors of the Bagle, Netsky, and MyDoom worms, with each new version trying to eradicate rivals. The war, which was waged for several weeks, was one reason why the first three months of last year were among the most virus-plagued ever, most security firms have said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll