Online safety threats lurk in instant messages
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
IM security vendor says recorded threats have doubled since last year
By Erik Larkin | San Francisco | Tuesday, 4 October, 2005
Most internet users know to be leery of email attachments, even when they seem to come from a friend or colleague. These days, however, they also have to be careful of instant messaging attachments and links — because the virus writers are already there, too.
"We've done a much better job of locking down email," says Francis Costello, chief technical officer at San Diego-based Akonix, which helps clients secure instant messaging and peer-to-peer software. "People are turning to instant messaging as the new attack vector."
In the first quarter of this year, Costello says, Akonix saw more than double the 17 IM threats it found in all of 2004. And in the second quarter, there were four times as many threats as in the first quarter.
IM worms hijack IM clients by first reading a user's buddy list of contacts. Then the worm sends a message along the lines of "hehe :) i found this funny movie" to the people on that list, with a link that downloads the worm. Or the message might be "hey, check out this picture" and have the worm attached.
Some hybrid worms split the attack by going after instant messaging and peer-to-peer networks at the same time. One version of the Bropia worm sends out instant messages and drops itself into the shared directory of popular P-to-P apps.
Another worm, Win32.VB, can also spread itself via IM and P-to-P, but adds a new twist. It forces its host to open up to the internet and help spread the worm. When the worm sends out an instant message with a link, the link goes to the computer hosting the worm.
Although some IM attacks are becoming more innovative, most worms of this type are "kind of crude to date," Costello says, "but crude is working very effectively. Unfortunately, the one thing I've learned in this business is that [virus writers] will innovate."
Some ways to protect against IM nasties are:
Enabling real-time virus protection: Antivirus programs include protections against any IM worm attachments that sneak by you.
Be wary of any message: Take special care if it comes by itself with a link or an attachment, even if it looks to be from someone on your buddy list. Before clicking, ask your friend if they sent it. No response, no click.
Filter IM traffic: Companies should consider updating their networks to separate their internal IM traffic from internet-based IM traffic, or preventing all internet-bound messaging.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
