Instant message worm attacks increasing

Instant messaging is continuing its march toward ubiquity in the workplace -- and most often, employee use public tools from Microsoft, Yahoo, and America Online.

(MSNBC is a Microsoft - NBC joint venture.)

According to a recent study by the Ridicati Group, by 2008, 88 percent of workplace users will rely on a such a public network. That raises security concerns, because even interoffice messages are sent over the Internet, outside the control of network administrators. Interoffice e-mail is easier to contain.

"We're seeing people wake up to the fact that IM is everywhere, and virus writers and worm writers are waking up to the fact that it's a powerful means to propagate malicious code," Sakoda said.

So far, IM worms haven't risen to the level of a notorious virus like Code Red or LoveBug. But researchers say it's certainly possible -- particularly if virus writers find a way to make the program spread on its own, without requiring a recipient to click on a link. Symantec Corp. has done simulations suggesting entire corporations could become infected in less than a minute.

"In our annual Internet security threat report, we predicted this would be taking place, a rise in IM-based threats," said Symantec's Alfred Huger.

So far, Landesman said, Microsoft's MSN Messenger has been the most tempting target for virus writers. Of the 50 or so IM worms she's counted since 2001, about 40 have targeted Microsoft products. The others were evenly split between America Online's AIM and Yahoo Messenger. Sakoda said about two-thirds of the worms he's seen target Microsoft's tools. (MSN Messenger is targeted at home users; Windows Messenger at business users.)

"It just means that MSN and Windows Messenger are popular internationally, and most of these worms surface overseas first," Sakoda said.

For now, consumers who use the popular tools should know they are facing increased risks, Landesman said. The best thing to do is be extremely skeptical when clicking on links sent over instant message tools, even if they appear to be from people you know.

"You have to assume that links in IM are bad until proven otherwise,"  she said.

MORE FROM SECURITY

Security Section Front

Pentagon: Insurgents intercepted spy videos Privacy watchdog files complaint against Facebook Ohio court: Cell phone searches require warrant Nearly 1 in 3 older teens gets ‘sexting’ messages Australia to block obscene, crime-linked sites After criticism, Facebook tweaks settings again Court reviews employer access to texts NYT: U.S., Russia open talks on cyberwar limits Red Tape: Holiday ‘cyberbegging’ grows on eBay Internet users lured to oppose health bills Security Section Front   Add Security headlines to your news reader: