Instant-Messaging Attacks Increase in 2005

formatting link
By Tom Espiner
formatting link
Security attacks over instant-messaging networks became more prevalent in 2005, according to a new study. Microsoft's MSN network experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on America Online's AIM network, according to the report, published Monday by IM security vendor FaceTime Communications.

In 2005, MSN had a 57 percent share of the attacks, AOL had 37 percent and Yahoo had 6 percent, FaceTime said in its "Impact report: Analysis of IM & P2P Threats in 2005."

While the incidence rate of attacks over IM is still low compared with e-mail-borne attacks, the rate appears to be increasing rapidly. There were 778 incidents recorded in the fourth quarter of last year compared with 59 in the first quarter, according to the report.

"IM threats are extremely challenging for corporate IT staff because they utilize real-time communications channels and proven social engineering techniques over worldwide IM networks to propagate significantly faster than e-mail-based attacks," FaceTime said in a statement.

Worms and rootkits were at the heart of the main incidents in 2005, said Chris Boyd, security research manager at FaceTime who also warned of the growing danger of cross-network attacks.

"Hacker groups are getting more sophisticated and are beginning to attack across multiple networks. In 2004, AOL experienced the most attacks. But in 2005 there were more crossovers from AOL to the MSN network, as MSN became more popular with users," Boyd said. "There's some really nasty stuff coming through the AOL network, and it's AOL that's being used as a jump-off for other networks."

FaceTime said that exploits can jump networks through IM "consolidation" applications, such as Trillian or Gaim, which let people combine contacts from multiple IM networks on one list.

Boyd also warned that the hackers are working on new exploits. "Hacker groups have large (compromised) server farms to experiment with propagating exploits. They hide Trojans and viruses, and control these botnets via IRC," he said.

MSN declined to comment specifically on the FaceTime statistics, but agreed that the threat risk via IM networks was increasing.

"Unfortunately, over the last year, the industry has seen viruses and other online threats spread through IM systems, often via Web site links," an MSN representative said. "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them."

AOL had not commented on FaceTime's statistics at the time of writing.

FaceTime claimed last November that one hacker group had taken control of 17,000 PCs using an IM worm, and Boyd said this area was still causing problems. "The main and nastiest infections come from the Middle East. We've found a viper nest of hacker dens there," he said. "We've found that lots of hardcore Middle Eastern hacker groups have embraced IM as a launchpad for attacks."

The motivation for these attacks isn't financial, he claimed: "For these gangs, financial gain is less important than making serious political statements. They engage in Web page defacement, and some claim the war as motivation," said Boyd. "The FBI is involved--they've looked at the data we've collected and have used it as a basis for investigation."

The FBI would not confirm or deny whether the data had been passed to them. "We encourage individuals and organizations to come forward to report any suspected crime, but provide confidentiality for them," an FBI official said.

Tom Espiner reported for ZDNet UK.

Copyright 1995-2006 CNET Networks, Inc.

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

formatting link
. Hundreds of new articles daily. And, discuss this and other topics in our forum at
formatting link
(or)
formatting link
Also see more tech reports at:
formatting link

Reply to
Tom Espiner
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.