TELECOM Digest OnLine - Sorted: Instant-Messaging Attacks Increase in 2005

Tom Espiner
Tue, 10 Jan 2006 21:21:33 -0600

By Tom Espiner

Security attacks over instant-messaging networks became more prevalent
in 2005, according to a new study. Microsoft's MSN network
experienced the largest number of IM security incidents in both 2004
and 2005, while year-on-year incident growth rates were largest on
America Online's AIM network, according to the report, published
Monday by IM security vendor FaceTime Communications.

In 2005, MSN had a 57 percent share of the attacks, AOL had 37 percent
and Yahoo had 6 percent, FaceTime said in its "Impact report: Analysis
of IM & P2P Threats in 2005."

While the incidence rate of attacks over IM is still low compared with
e-mail-borne attacks, the rate appears to be increasing rapidly. There
were 778 incidents recorded in the fourth quarter of last year
compared with 59 in the first quarter, according to the report.

"IM threats are extremely challenging for corporate IT staff because
they utilize real-time communications channels and proven social
engineering techniques over worldwide IM networks to propagate
significantly faster than e-mail-based attacks," FaceTime said in a

Worms and rootkits were at the heart of the main incidents in 2005,
said Chris Boyd, security research manager at FaceTime, who also warned
of the growing danger of cross-network attacks.

"Hacker groups are getting more sophisticated and are beginning to
attack across multiple networks. In 2004, AOL experienced the most
attacks. But in 2005 there were more crossovers from AOL to the MSN
network, as MSN became more popular with users," Boyd said. "There's
some really nasty stuff coming through the AOL network, and it's AOL
that's being used as a jump-off for other networks."

FaceTime said that exploits can jump networks through IM
"consolidation" applications, such as Trillian or Gaim, which let
people combine contacts from multiple IM networks on one list.

Boyd also warned that the hackers are working on new exploits. "Hacker
groups have large (compromised) server farms to experiment with
propagating exploits. They hide Trojans and viruses, and control these
botnets via IRC," he said.

MSN declined to comment specifically on the FaceTime statistics, but
agreed that the threat risk via IM networks was increasing.

"Unfortunately, over the last year, the industry has seen viruses and
other online threats spread through IM systems, often via Web site
links," an MSN representative said. "We recommend that customers do
not click on attachments or links in IM without confirming their
validity with the person who sent them."

AOL had not commented on FaceTime's statistics at the time of writing.

FaceTime claimed last November that one hacker group had taken control
of 17,000 PCs using an IM worm, and Boyd said this area was still
causing problems. "The main and nastiest infections come from the
Middle East. We've found a viper nest of hacker dens there," he
said. "We've found that lots of hardcore Middle Eastern hacker groups
have embraced IM as a launchpad for attacks."

The motivation for these attacks isn't financial, he claimed: "For
these gangs, financial gain is less important than making serious
political statements. They engage in Web page defacement, and some
claim the war as motivation," said Boyd. "The FBI is involved--they've
looked at the data we've collected and have used it as a basis for

The FBI would not confirm or deny whether the data had been passed to
them. "We encourage individuals and organizations to come forward to
report any suspected crime, but provide confidentiality for them," an
FBI official said.

Tom Espiner reported for ZDNet UK.

Copyright 1995-2006 CNET Networks, Inc.
