IM Attacks Rise
Attacks on IM programs continue to rise as businesses adopt the communications channel.
As business professionals increase their use of IM (define) programs, distribution of malicious code becomes more of a threat, according to data released by Postini.
Traffic on IM clients increased 138 percent in May. In the same period, attacks on the platform went up 500 percent. Postini attributes a portion of the increase to new clients adopting the service, but a large potion is due to opportunistic spammers taking hold of the medium.
“What we are seeing is the ongoing trend that we observed through all of last year, that the bad guys are more and more using IM to deliver spyware, worms, and viruses,” said Andrew Lochart, senior director of marketing at Postini.
AOL Instant Messenger (AIM) took in the majority of attacks, and 8 of 22 were blocked by filters. Additional attacks hit IM clients offered by Yahoo and MSN, and some attacks spread across all clients.
| IM Client Attacks, May 2006 | ||
|---|---|---|
| Malware Name | Date Discovered | Protocol Affected |
| Troj/Bckdr-HPP | 5/2/2006 | AIM |
| IM.Marphish4.Yahoo | 5/3/2006 | Yahoo |
| WORM_RBOT.AHS | 5/4/2006 | All IM |
| W32/Rbot-DID | 5/5/2006 | AIM |
| W32/Kassbot-P | 5/15/2006 | All IM |
| W32/Kassbot-P | 5/15/2006 | All IM |
| W32/Tilebot-ES | 5/17/2006 | AIM |
| W32/Tilebot-ET | 5/17/2006 | AIM |
| W32/Tilebot-EU | 5/18/2006 | AIM |
| Troj/Khoobe-B | 5/19/2006 | MSN |
| W32.Browaf | 5/22/2006 | Yahoo |
| PHISH.Yahoo.WARIO | 5/24/2006 | Yahoo |
| TROJ_BROWSAFE.A | 5/24/2006 | Yahoo |
| APStrojan.ub | 5/25/2006 | AIM |
| W32/Browaf.worm | 5/25/2006 | Yahoo |
| Troj/Mesoto-B | 5/25/2006 | MSN |
| W32/Tilebot-EY | 5/25/2006 | AIM, MSN,Yahoo |
| W32/Tilebot-FA | 5/25/2006 | AIM |
| W32.Gaobot.EUX | 5/26/2006 | AIM |
| BlackAngel.A | 5/27/2006 | MSN |
| W32/Melo.worm.gen | 5/30/2006 | MSN |
| Troj/Mesoto-C | 5/30/2006 | MSN |
| Source: Postini, 2006 | ||
Bad actors sending out malicious code are embracing the software because it remains largely unprotected and a recipient is much less likely to have his defenses up, said Lochart. “It’s common sense: fashioning and doing what the Internet was built for. If you find an obstacle, work around it,” he said.
Although a handful of companies have put products in place to block harmful attacks on IM, not all companies are supportive of the communications tool at this time. “The attitude about IM is really all over the map,” said Lochart. “There are some businesses at the forefront of seeing the benefits of IM, as a productivity enhancer and a way to lower some operating costs.”
Postini reports traffic and messages blocked through its filtering product.
