Your IM Buddy, Or A Hacker? It's Getting Harder To Tell - InformationWeek
02:50 PM
Connect Directly
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

Your IM Buddy, Or A Hacker? It's Getting Harder To Tell

Just before New Year's, some Europeans received a link from the buddy list in their MSN Instant Messenger software to a purported funny Christmas picture. The joke was on them. Clicking on the link let in a worm that exploited the recent Windows Meta File vulnerability, giving hackers access to their PCs.

That's just one example--out of a few thousand--of how hackers used IM to attack computers in the past year. Instant-messaging security vendors FaceTime Communications Inc. and IMlogic Inc. reported last week that malware delivered over instant-message clients has skyrocketed in recent months. FaceTime cites a more than 20-fold increase in the number of reported IM worm and virus variants since 2004. And in a sign that larger security companies are taking IM threats seriously, Symantec Corp. said last week that it will acquire IMlogic for an undisclosed sum.

In addition to FaceTime and IMlogic, vendors such as Akonix Systems Inc. and MessageLabs Ltd. offer software and hardware to manage enterprise instant messaging and protect networks from attack. According to the Radicati Group, 85% of businesses of all sizes say instant messaging is taking place on their networks. And, as Gartner analyst Andrew Jacquith puts it, "There's always going to be some dope who clicks on a message, no matter how robotic or obviously fake it looks."

IM client software is pervasive within businesses and can serve as a powerful business tool, so companies should have a plan for dealing with it. Education is key, but so is proper management.

Energy brokerage firm Amerex Energy tracks about 150 IM users in its Houston corporate offices. It bought IMlogic's IM Manager to archive chats when brokers started closing deals via instant messages, but CIO Brian Trudeau says it also offers security. "It gives us the capability to control IMs a little bit more," he says. Using IM Manager, Amerex blocks all file uploads to IM clients and can specify who uses instant messaging and when.

Just Like E-Mail

IM attacks usually look and feel like E-mail attacks: They try to get targeted users to either download an infected file or click on a link that sends them to a Web site where they'll be infected with a virus. "A lot of the things that you thought about in the last decade about managing your E-mail can be applied to instant messaging," IMlogic CEO Francis DeSouza says. Like the broader security-software community, vendors specializing in IM have antivirus capabilities and software that lets companies block downloads and blacklist certain Web sites and can log and archive all chats.

IM ThreatsBut IM attacks are getting more devious. Just last week, FaceTime found one on AOL Instant Messenger. The company quickly contacted AOL, as well as Microsoft and Yahoo, since many attacks are cross-platform. Tens of thousands of AOL client machines were unknowingly infected with BitTorrent, a peer-to-peer downloading program often used to download copyrighted material. With this installed, hackers could upload a movie to a victim's hard drive and use the PC as a vehicle for sharing the content with others.

Virus attacks are getting more complex, too, moving away from the simple social engineering that might spur someone to send money to a Nigerian "prince" or click the link for a picture of Osama bin Laden. Late last month, security vendors started seeing malicious code that went beyond a link or file and created automated responses to victim's queries. So a victim might ask his IM "buddy" if the file was safe, and the malicious bot would respond that it was. IMlogic discovered a bot that responded six different ways, depending on the question a victim asked.

No attack has hit millions of users--yet. But since people often read and respond to IMs more quickly than E-mail, a virus could broadside a company in a matter of minutes.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll