The sorry state of IM security

A few weeks back I told you about a "friend" of mine who got hit with an IM bug. It was quick, painful, and pretty much fit the definition of "as much fun as a sharp stick in the eye."

Apparently my friend is not alone. The IMlogic Threat Center, a global consortium that provides threat detection and protection for IM and peer-to-peer (p-to-p) applications, recently issued its second quarter 2005 report on the rise of IM security threats.

Launched with the support of the Internet security vendors Symantec, Sybari Software, and McAfee and the IM providers America Online, Microsoft, and Yahoo, the IMlogic Threat Center is a knowledge base for known IM and p-to-p vulnerabilities and provides rapid response and guidance for protection against newly detected threats.

So how much have IM threats increased over the past year? How does 2,747 percent grab you? Love to see that number next to your 401K, I'd bet.

The report says there has been a "sharp" (there's an underwhelming adjective) 2,747 percent increase in new IM threats -- including viruses, worms, SPIM (spam over IM), malware, and phishing attacks -- in second quarter 2005, compared with the same period a year ago. IMlogic also issued more than 15 priority alerts to enterprises and IMlogic Threat Center subscribers in second quarter 2005 in response to the increasing frequency of reported IM threats. Sounds like a busy quarter at the Threat Center.

More than 70 percent of externally reported incidents to the IMlogic Threat Center in second quarter 2005 were attributed to enterprises and small businesses utilizing popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger.

The report also makes note of several attack and vulnerability trends for IM/p-to-p:

IM worms mutate across network boundaries: Second quarter 2005 saw an increase in the number of IM worms that simultaneously propagated across both public and private IM networks, infecting organizations with both standardized IM clients as well as heterogeneous IM usage.

IM worms undermine end-user security through effective social engineering: IM threats utilize "social engineering" techniques to capitalize on successful infection vectors, using casual “chat” techniques, trusted “buddy lists,” and end-user vulnerabilities as targets. In other words, they know what you're doing with your IM service.

IM worms infect transparently and are difficult to quarantine: IM worms infect organizations rapidly and transparently, spreading to a large percentage of vulnerable users in less than one hour. IM worms capitalize on real-time protocols which make detection, quarantine, and response a challenge for corporate environments. I think that speaks for itself. These are not slow-moving zombies; these are fast moving little buggers, like the monster in Alien.