IM viruses: The next big threat?

IM viruses and worms have been grabbing headlines over the past few months; this week alone saw virus issues plague popular IM systems from both Microsoft and AOL.

In the Microsoft MSN Messenger case, malicious code that could be used to create an IM virus was published on the Web. The code attacks a hole in an MSN Messenger component called "libpng," which is used to display Portable Network Graphics files that are used to show smiley faces, buddy icons, and other graphics, according to the IDG News Service.

AOL's AIM, meanwhile, was hit this week with a virus dubbed Worm_Aimdes.A, according to IM security vendor Akonix Systems. The virus sends a copy of itself to all online contacts in an affected user's Buddy List, sending a message in an attempt to trick recipient into thinking the file was send from a trusted source. That worm can also spread over e-mail networks.

Although both of these instances target consumer IM, the issue sparks concern for enterprises because most corporations run unprotected public IM systems. According to Francis deSouza, CEO of IM management and security vendor IMlogic, nearly 85 percent of enterprises have public IM in use, but less than 5 percent have any security or protection in place.

"Most IT departments aren't aware of extent of the risk with IM," deSouza said.

Pure IM viruses are not as common as blended viruses, which use both e-mail and IM to spread, deSouza said.

"Almost any virus can spread through multiple vectors. It may come in through e-mail, spread through IM, and leave through another means," deSouza said. "IM is becoming an important vector for viruses."

While e-mail is still the primary vehicle for viruses and worms, the fact that IM is a real-time communication technology makes it a dangerous threat.

"The real-time nature of IM makes it literally the perfect medium for rapidly reproducing worms and viruses," said Nate Root, vice president and research director at Forrester Research. "IM-borne viruses are the next big thing."

With e-mail, viruses are spread worldwide in a matter of weeks, but with IM the infection time is measured in minutes, IMlogic's deSouza added.

IT managers are starting late in the game trying to wrangle control of consumer IM because in most cases individual workers deployed the tools themselves without IT approval, Forrester's Root said.

"In 2005 and 2006, we expect IM to get hit with some serious attacks, especially because most corporate workers still run public IM, completely unregulated by IT.  Most companies are completely unprepared for the special problems that public IM clients bring with them," Root said.