IM Attacks Rise

As business professionals increase their use of IM (define) programs, distribution of malicious code becomes more of a threat, according to data released by Postini.

Traffic on IM clients increased 138 percent in May. In the same period, attacks on the platform went up 500 percent. Postini attributes a portion of the increase to new clients adopting the service, but a large potion is due to opportunistic spammers taking hold of the medium.

“What we are seeing is the ongoing trend that we observed through all of last year, that the bad guys are more and more using IM to deliver spyware, worms, and viruses,” said Andrew Lochart, senior director of marketing at Postini.

AOL Instant Messenger (AIM) took in the majority of attacks, and 8 of 22 were blocked by filters. Additional attacks hit IM clients offered by Yahoo and MSN, and some attacks spread across all clients.

IM Client Attacks, May 2006
Malware Name Date Discovered Protocol Affected
Troj/Bckdr-HPP 5/2/2006 AIM
IM.Marphish4.Yahoo 5/3/2006 Yahoo
WORM_RBOT.AHS 5/4/2006 All IM
W32/Rbot-DID 5/5/2006 AIM
W32/Kassbot-P 5/15/2006 All IM
W32/Kassbot-P 5/15/2006 All IM
W32/Tilebot-ES 5/17/2006 AIM
W32/Tilebot-ET 5/17/2006 AIM
W32/Tilebot-EU 5/18/2006 AIM
Troj/Khoobe-B 5/19/2006 MSN
W32.Browaf 5/22/2006 Yahoo
PHISH.Yahoo.WARIO 5/24/2006 Yahoo
TROJ_BROWSAFE.A 5/24/2006 Yahoo
APStrojan.ub 5/25/2006 AIM
W32/Browaf.worm 5/25/2006 Yahoo
Troj/Mesoto-B 5/25/2006 MSN
W32/Tilebot-EY 5/25/2006 AIM, MSN,Yahoo
W32/Tilebot-FA 5/25/2006 AIM
W32.Gaobot.EUX 5/26/2006 AIM
BlackAngel.A 5/27/2006 MSN
W32/Melo.worm.gen 5/30/2006 MSN
Troj/Mesoto-C 5/30/2006 MSN
Source: Postini, 2006

Bad actors sending out malicious code are embracing the software because it remains largely unprotected and a recipient is much less likely to have his defenses up, said Lochart. “It’s common sense: fashioning and doing what the Internet was built for. If you find an obstacle, work around it,” he said.

Although a handful of companies have put products in place to block harmful attacks on IM, not all companies are supportive of the communications tool at this time. “The attitude about IM is really all over the map,” said Lochart. “There are some businesses at the forefront of seeing the benefits of IM, as a productivity enhancer and a way to lower some operating costs.”

Postini reports traffic and messages blocked through its filtering product.

Related reading