The report released last week by the IMlogic Threat Center provides complete data, analysis and discussion of key trends for the second three months of 2005. Key data points released include:
- A 2,747 percent increase in reported incidents of new IM/P2P viruses, worms, and malicious code including SPIM/malware;
- More than 541 unique IM/P2P threats including IM-specific attacks and "blended-threats" which target IM/P2P applications;
- Eighty-six percent of reported incidents include IM virus or worm propagation; 13 percent are known to hijack IM file transfer capability; one percent of reported incidents utilize known client vulnerabilities;
- Kelvir, Opanki, and Gabby worms reported as the top three most frequently detected IM infections in corporate environments;
- Several new reported incidents of IM "phishing" and identity theft reported on the consumer IM networks.
"As a provider of e-mail security we've also been following the instant messaging security market," said Scott Petry, founder and senior vice president of products and engineering at Postini. "The escalation of IM threats and the subsequent customer adoption of IMlogic's security solution make this a natural fit for us. Our partnership with IMlogic will enable us to exchange our own real-time threat data with the IMlogic Threat Center, creating the world's largest and most sophisticated electronic messaging threat monitoring system."
Trend analysis provided in the IMlogic Threat Center Q2 2005 report suggests that IM-borne attacks will continue to increase as hackers capitalize on the growing popularity of IM in both consumer and corporate environments. The IMlogic Threat Center encourages consumers to protect themselves by keeping operating system patches and anti-virus software up to date, and to exercise caution when using embedded links or file transfer capabilities over the IM channel. Corporate IT departments can additionally leverage IM management technology and end-user policy enforcement to protect their networks from the risks associated with unmonitored and uncontrolled IM usage. Best practices are available online for both enterprises and consumers.
The IMlogic Threat Center Q2 2005 report additionally discusses the following attack and vulnerability trends for IM/P2P:
- IM worms mutate across network boundaries: In the Second Quarter 2005 there was an increase in the number of IM worms that simultaneously propagated across both public and private IM networks, infecting organizations with both standardized IM clients as well as heterogeneous IM usage.
- IM worms undermine end user security through effective social engineering: IM threats utilize dangerous social engineering techniques to capitalize on successful infection vectors, using casual "chat" techniques, trusted "buddy lists" and end user vulnerabilities as targets.
- IM worms infect transparently and are difficult to quarantine: IM worms infect organizations rapidly and transparently, spreading to a large percentage of vulnerable users in less than one hour. IM worms capitalize on real-time protocols which make detection,
-
- quarantine and response a challenge for corporate environments.
- IM threats hit critical growth levels: The volume of reported incidents of IM and P2P threats has increased exponentially due to more targeted attacks by hackers and virus writers, and the inclusion of IM and P2P in blended Internet threats.
Launched with the support of Internet security leaders Symantec, Sybari, and McAfee, and global instant messaging leaders America Online, Microsoft and Yahoo!, the IMlogic Threat Center is the comprehensive knowledge base for known IM and P2P vulnerabilities and provides rapid response and guidance for protection against newly detected threats.
