The Next Big Virus Threat: Instant Messaging
Symantec warns that virus writers will soon exploit gaping holes in chat clients like AOL's AIM and MSN Messenger.In the past, viruses needed help. They couldnt infect your machine unless you opened an e-mail-attachment or another malicious file. Nowadays, viruses can attack on their own. Like the MS Blaster worm or the more recent Sasser, they can burrow onto your machine through a vulnerability, or hole, in your operating system or another piece of software. In the summer of 2003, Blaster infected more than 10 million people worldwide by exploiting a known vulnerability in Microsoft Windows XP. Since Blaster, Microsoft has done a much better job of patching the security flaws in end-user operating systems. According to the company, three times as many people downloaded the patch that protected against Sasser as did the one that prevented Blaster. But theres still a gaping hole in millions of systems across the Internet that seems to have gone unnoticed. Symantec, makers of Norton Antivirus, says the next big worm is likely to exploit flaws in instant messaging clientsand it will spread faster than any other worm on record.
"Code Red was able infect every vulnerable machine on the Internet in 14 hours. Slammer was able to do it in 20 minutes," says Eric Chien, chief of research at Symantec Security Response. "An instant-messaging threat could spread to a half a million machines in 30 or 35 seconds."