IM-Borne Attacks on the Rise
With 41 new attacks carried out during the month of December alone, 2006 proved to be a significant growth year for threats distributed over instant messaging systems.
According to a new research report produced by security software maker Akonix Systems, experts at the San Diego company unearthed some 406 new IM-borne threats over the last 12 months, compared with 347 attacks tracked by the company in 2005.
In 2004, the companys security analysts discovered just under 50 attacks that were carried out either via IM or peer-to-peer technologies.
However, attacks delivered via P2P networks appear to be falling in popularity, as Akonix researchers recorded an 11 percent decrease in that type of threat during December 2006, with only 16 such attacks reported for the month.
Akonix traditionally reports its research of IM and P2P threats simultaneously.
New IM worms arriving during December included the Blowhen and Skyper viruses, as well as Sohana, which was the most common attack seen by the researchers, with five variants. Blowhen was the second most common, with two variants.
Researchers said the distribution of IM threats has followed a similar path over the last three years, as the arrival of new attacks has slowed during summer months and then increased during the fourth quarter of the calendar year.
Don Montgomery, vice president of marketing at Akonix, said his company is unsure why attackers are apparently taking time off over the summer, but said the annual trend could be linked to student hackers coming back online for the fall semester after the summer break.
The final three months of 2006 represented the heaviest volume of IM threats that the company has ever seen.
"We dont know why this is happening each fall because we dont know who the sources are, but its definitely established a pattern," Montgomery said. "In general, we believe that there will be more threats arriving over IM in 2007 than we have ever seen before, and that they will also grow more complex and dangerous."
While many IM attacks of years past have merely propagated themselves via IM users address books and caused little collateral damage, newer threats are seeking the same types of financial information for the purpose of committing identity fraud as their e-mail counterparts.
One of Akonix Systems predictions for 2007 is that IM attacks will increasingly be used for the purpose of cyber-crime.
As an example of the type of attack Akonix expects to encounter, Montgomery pointed to his companys recent discovery of a virus delivered over IM that sought to steal passwords when users attempted to log on to the Web sites of well-known banks.
Just as the criminal element has replaced so-called script kiddies in other virus arenas, organized groups seeking to turn a profit off of their work have become the norm in the world of IM security, Montgomery said.
Unlike e-mail threats, where virus payloads are typically hidden in the messages themselves, IM threats still rely largely upon Web site URLs to get coded onto victims computers.
An increasing number of the attacks are also using URLs designed to look like those of legitimate companies but that actually redirect users to virus sites, Akonix reported.
"Across the volume of attacks in 2006, most were still very simple nuisance code that only propagates itself, but we did see a growing number of sophisticated attacks that were multistage, such as worms that also pull down Trojan viruses to do other things," Montgomery said. "We expect to see increases in both volume and sophistication of IM attacks during 2007."