3 min read

Expect Bigger Attacks After Microsoft, Yahoo Connect IM Networks

IM attacks are already exploding, up a whopping 2,000% since last year. The bigger, combined Microsoft-Yahoo network will let attacks spread even further and faster.
The deal struck Wednesday by Yahoo and Microsoft to make their instant messaging (IM) networks work together in 2006 may sound great at first glance, but security experts say that the merger will make IM an even bigger target for hackers and hucksters.

"Ninety-eight percent of the stories about Yahoo and Microsoft will be about the benefits of interoperability, how the deal will eliminate the traditional hurdles in IM," said Jon Sakoda, the chief technology officer for IMlogic, an Internet security firm that specializes in defending against IM and file-sharing threats.

Instead of those silver linings, Sakoda sees some possible gray clouds on the horizon. "IM worms have generally targeted individual networks, say, only Yahoo or MSN. That's why you haven't seen a global worm that propagates to millions," he said.

"There hasn't any interoperability, but this deal changes that."

Christopher Dean, the senior vice president of business development at rival FaceTime, agreed. "As you increase the size of network, there's a greater chance that [malicious] things can spread. It's a bigger network effect."

Although the speed with which IM attacks spread -- very very fast, compared to e-mailed attacks -- the size of the attacks will, said Dean. "The malware writers discovered IM networks for the first time this year, and once they discovered it, they're focusing on it. And yes, [the Yahoo-Microsoft announcement] will increase the spread of IM worms."

Security vendors such as IMlogic have reported a massive surge in IM threats during 2005. Year-to-date, IMlogic said in a recently published third quarter threat report, IM threats are up a whopping 2,083 percent over 2004.

"Attackers are comfortable in using e-mail and the Web," said IMlogic's Sakoda. "And they've now added IM."

The larger attack surface of an interoperable Yahoo-MSN IM network -- estimated at 49.2 million users, only slightly fewer than AOL's 51.5 million -- means that Yahoo and MSN users should expect more attacks.

"We really haven't seen [IM worms] propagate because networks have been closed and non-interoperable," said Sakoda. "Historically, AIM and MSN have received the lion's share of attacks, because malware writers know where the users are, just like bank robbers know where the money is."

Attacks across IM networks -- whether delivering worms, spim, or adware/spyware -- are notorious for arriving like a whirlwind, and disappearing just as fast. That's due, said FaceTime's Dean, to IM users' habit of clicking on links within messages, the fact that all messages seem to come from trusted sources (i.e., IM buddies), and because IM is, unlike e-mail, a real-time communication mode. That trio, he said, conspire to make IM attacks fast acting.

So fast, said Sakoda, that defenses have a hard time keeping up.

"The speed with which attacks hit is measured in minutes, and their worms spread faster than either the IM or security industry can respond. That's why they're becoming such a popular method of attack."

Even so, argued Dean, the benefit of Wednesday's cooperation is a good thing. "Having interoperability makes a great deal of sense," he said, "and I think it far outweighs any possible increase in attacks."

Sakoda's not so sure. "SMTP and open e-mail standards created a lot of benefits, but they opened a lot of security holes, too," he cautioned. "I see similar types of trends in the IM world."