Cyber-crooks target chat platforms

More than 1,000 unique threat incidents were reported over instant messaging, P2P and chat vectors in 2007, according to research from FaceTime Communications.

Nearly 20 per cent of IM threats were reported on the AOL Instant Messenger network, 45 per cent on MSN Messenger and 20 per cent on Yahoo Instant Messenger.

Some 15 per cent occurred on all other IM networks, including Jabber-based private networks.

Attacks on private networks have more than doubled since 2003, rising from seven per cent of all IM attacks in 2006 to 15 per cent in 2007.

FaceTime researchers also saw a shift in the non-IM vectors used to distribute viruses, malware and spyware in 2007.

Most notable was the rise in IRC-distributed attacks, which accounted for 58 per cent of attacks in 2006, rising to 72 per cent by the end of 2007.

"Threats over IM and P2P networks are occurring at an average of just over five unique incidents per day," said Frank Cabri, vice president of marketing and product management at FaceTime.

"Additionally, social networking sites are increasing in popularity resulting in a corresponding increase in malicious activity targeted at users of these sites."

FaceTime researchers noted an increasing use of social engineering during 2007 to propagate threats across IM networks and Skype, as well as social networking sites such as MySpace.

The firm's Security Labs pointed to the increasing boldness of a growing underclass of "glory hackers" on social networking sites.

The danger to corporate networks lies in a growing tendency for workers to blur their work and professional lives, often surfing social networking sites on work PCs leading to information loss, inbound malware threats and compliance risks.

"Many hacks and scams are creeping into the mainstream areas of MySpace and other social networking sites as the perpetrators become bolder and more aggressive," said Chris Boyd, FaceTime's director of malware research.

"The most horrendous content imaginable is now easily stumbled on via simple redirects and blog hijacks. The myth that you have to 'go looking for it' has never seemed further from the truth."

Boyd pointed to an aggressive shift in hacker behaviour over the past year, involving a growing underclass of young hackers who do not care about revealing their identity.

"Children as young as 12 are sharing professional phishing kits and trading stolen credit card details," said Boyd.

FaceTime warned that MySpace and other social networking sites will continue to be the most popular target for hackers, phishers and spammers in 2008 as long as they continue to offer the same level of profile customisation to users.