Today, Instant Messaging (IM) is used on PCs, between smartphones, via WiFi or Bluetooth wireless connections, with gaming devices, and through infrared-compatible devices. The fact that a compatible client is all that's needed for an IM session means new prominence for IM as a target of attacks.
“Scamming for information is as old as gossip,” explains Justin Doo, regional director, Middle East and North Africa. “Now it is technology that defines how it is done. These days, phishing for credit card details or log-in access has moved from the most common technologies – such as e-mail and Web pages – to Instant Messaging.”
The first noted IM worm, WORM_CHOKE.A, automatically sent itself as an attachment to whoever initiated a chat session with an infected user. Recent Trend Micro research shows that there are now between 90 and 100 different malware variants that spread via IM.
The most common means of IM propagation are via file attachments, or via a hyperlink to a download site where malicious code is stored. The downloaded code could be a worm, a keystroke logger, adware, or spyware. IM can open the door to phishing, browser hijacking, as well as Denial of Service attacks. With Instant Messaging becoming more prevalent as individuals, employees, and e-businesses all use IM to communicate, the list of possible IM threat victims is also growing.
Many worms, such as variants of WORM_KELVIR, WORM_AGOBOT, and WORM_BROPIA can also spread via IM, in addition to being propagated via attachments to e-mail messages. As is the case for mixed malware threats, these worms can optionally make use of a number of unpatched vulnerabilities, since exploit code is readily available to malware authors on the Internet. Given that scenario, IM threats are likely to increase.
“The yearly roundups and forecasts show that interest in IM was previously tentative because of its limited capability. Now that IM has richer features, and given the trend of malware today, IM attacks will be here to stay, and will grow until specific security measures are implemented both technology-wise and by users,” says Doo.
Attacks will also increase in sophistication. IM malicious code could make itself harder to detect by mutating several of the elements that security systems use to identify it.
“Because we live in a world where information is key, and because IM is quicker in message delivery than e-mail, the growing popularity of online chat communities and discussion groups exposes users to an ever-growing number of possible contacts. To protect yourself, make sure you use powerful anti-virus and anti-spyware products, and keep them up-to-date with the latest pattern files. Additionally, do not click on suspicious links or download dubious files,” adds Doo.
About Trend Micro, Inc
Trend Micro, Inc. is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate and value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit our Web site, www.trendmicro-middleeast.com
# # #
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate time it was written and is subject to change without notice.
