Experts: Hackers Turning to Instant-Messaging as Prime Target

New research indicates that hackers are increasingly turning their efforts toward IM-borne attacks, with experts saying that businesses and end users remain largely ignorant to the growing problem.

According to the latest report from anti-malware applications vendor Postini, the sheer volume of instant messaging threats it tracked during April 2006 increased by nearly 25 percent, compared with the number of similar threats it detected during March.

While the percentage of IM traffic that included viruses remains relatively low, at less than 1 percent of all the IM conversations monitored by Postini during April, the shift toward IM threats appears to be gaining momentum, company officials said.

As evidence of the increasing sophistication of IM attacks, Postini said it discovered a variant of the Mytob virus, which previously had been seen only in e-mails, that was leveled at all major IM and enterprise messaging clients.

Among the Trojan horse viruses that are being delivered via IM were the IMFlood and JahuKit attacks, while related worm viruses included the Appflet, YahooSpy, Mpass and MSNFake threats.

"Unfortunately the hackers are out in front of the good guys in terms of recognizing that IM is a very palatable way to attack desktops," said Andrew Lochart, senior director of marketing for Postini. "Since the hackers have perfected their craft in e-mail, in terms of what the payload does when it gets to a victim's computer, we're seeing every variation of virus being delivered over IM, from rootkits to keystroke loggers and worms."

Postini maintains that security threats aimed at IM systems, file-sharing tools and other real-time communication technologies increased by just under 1,700 percent in 2005, compared with 2004, with a total of over 2,400 unique attacks.

The firm said that 90 percent of the of IM-related security attacks it observed during 2005 included worm propagation, while 9 percent delivered viruses and only 1 percent of the threats utilized known client vulnerabilities or exploits.

From a regional perspective, Lochart said that U.S. companies tend to be at an even greater risk because IM applications have become such popular workplace productivity tools across the nation, while far fewer European workers are using the messaging systems.

As with other forms of IT threats, Postini contends that IM attacks are increasingly being launched by organized criminals looking for financial returns from their efforts, versus the script kiddies of years past who merely sought to gain fame via the creation of more nuisance-oriented types of malware.

"One of the things that has limited the adoption of protective measures for IM is the nature of viruses in general, as the writers are looking for a way to hide their attacks instead of trying to let you know that they are on your computer," Lochart said. "And if you're a hacker, spammer or phisher, you're realizing that the e-mail virus filters have gotten a lot better while IM remains largely unprotected, which is just the sort of opportunity that these guys are looking for."

Check out's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's Weblog.

Copyright © 2006 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.