Huge rise in IM backdoor attacks

Hack attacks using instant messaging (IM) as an unprotected backdoor in enterprises are reaching epidemic proportions, industry experts have warned.

Analyst firm IDC said that the problem is leading to a sharp hike in highly sophisticated IM attacks that spread malicious code and worms directly into organisations without any end-user intervention.

"Hackers and virus writers have realised that the next vulnerable area for attack within an organisation is to spread malicious code via IM," said Brian Burke, research manager for security products at IDC.

"Traditional security measures taken by organisations against IM can leave a technology gap for hackers to exploit by creating new IM attack methods.

"Employees who are not familiar with these new threats can easily open a new, seemingly innocuous IM message that pops up on their screen. With that one click of the mouse they can get infected."

Hackers are increasingly using IM as a vector for phishing scams and for so-called 'pharming' attacks, malicious redirects where thousands of IM users are persuaded to click on a link to a bogus, malware-infected website.

These malicious or fraudulent sites either request personal information from the end user or automatically download and run key-loggers, worms or viruses on the user's machine, creating a backdoor for hackers.

According to security firm Websense, incidents involving hackers using IM soared by 300 per cent during the first quarter of 2005, compared with the fourth quarter of 2004.

"Social engineering and vulnerabilities within IM client technologies are being used to gain access to hosts," said Dan Hubbard, senior director of security and technology research at Websense.

"IM will continue to be used as a social engineering tool to gather information about users and as a means of dropping malicious code onto users' machines.

"The identity of users is often anonymous, and the very nature of real-time communications like IM presents a new opportunity for hackers."