ORLANDO, Fla. -- Here's a new reason for IT administrators to worry about all those IM and P2P programs employees...
are using: Attackers have used them to launch malicious code with alarming frequency since the start of the year, according to a new report from a consortium of antivirus firms and IM providers.
In its first-ever quarterly report, unveiled at the InfoSec World conference Tuesday, the IMlogic Threat Center said exploits in the first three months of 2005 surged more than 270% over the same period last year.
"The trends identified in our report will continue as IM becomes the new target for more sophisticated attacks aimed at disrupting Internet security," Jon Sakoda, chief technology officer and vice president of products for Waltham, Mass.-based IMlogic, said in a statement.
IMlogic launched the threat center last December in partnership with antivirus firms
- Reports of new exploits against IM/P2P rose 271% over the same period last year;
- More than 75 unique IM/P2P-based threats and attacks, including IM-specific incidents and "blended-threats" targeting IM/P2P applications;
- 82% of reported incidents included the spread of an IM virus or worm;
- The Kelvir, Bropia, and Sumom worms were the top three most frequently detected IM infections in corporate environments; and
- Multiple cases of IM phishing and identity theft schemes were reported on consumer IM networks.
The report said more than 50% of incidents logged in the first quarter involved enterprises and small businesses using such IM applications as AOL Instant Messenger, MSN Messenger, Windows Messenger and Yahoo Messenger.
The report said users can expect things to get even worse, since IM exploits tend to involve social engineering techniques using "buddy lists" and end-user vulnerabilities as targets. The report added, "IM uses a real-time protocol which enables the rapid proliferation of IM malware, making detection, quarantine and response a challenge for corporate environments."