Instant messaging security incidents soar

Every month of this year has seen a 50 per cent increase in reported instant messaging security incidents with more than 30 newly detected IM threats including viruses, worms and spam-over-IM (spim) malware.

According to IM vendor IMLogic's Threat Center, there have been over 12 priority alerts in the past 30 days made in response to the increasing frequency and pervasiveness of IM threats.

The security firm warned that, since 1 January 2005, there have been more than 30 widespread reported incidents of newly discovered IM/P2P viruses, worms and malicious code including spim.

Over 80 per cent of reported incidents were found to include IM virus or worm propagation, with approximately 10 per cent hijacking IM file transfer capability.

Demonstrating that firms are not keeping security patches up to date, some 13 per cent of reported incidents were found to utilise known client vulnerabilities or exploits.

Some 70 per cent of reported IM network incidents targeted the MSN Messenger client, Windows Messenger Client, and MSN Network, while 18 per cent targeted the Yahoo Messenger Client and Yahoo Messenger Network.

The firm reported that 12 per cent of attacks targeted the AOL Instant Messenger Client, AOL Instant Messenger Network, ICQ Client, and ICQ Network.

Kelvir, Bropia, and Bizex worms were reported as the top three most frequently detected IM infections in corporate environments.

"IM viruses and worms are growing exponentially," said IMLogic chief technology officer and vice president of products, Jon Sakoda.

"Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise."