Akonix: IM Attacks So Far Increased 73% over 2006

Security researchers at Akonix have uncovered 170 malware attacks over IM this year.

Security researchers at San Diego-based Akonix Systems Inc., a provider of instant messaging security and compliance products, have uncovered 170 IM threats this year—an increase of 73 percent from the same time period in 2006.

The companys IM Security Center researchers tracked 20 malicious code attacks over IM networks during the month of May, Akonix officials said. Altogether, the number of IM threats found by the company this year represents an average of more than one IM attack a day.

It is not clear exactly why the number of IM attacks is increasing, but security researchers have their theories. Don Montgomery, vice president of marketing at Akonix, speculated the increase in the number of attacks reflects the increase in the use of instant messaging, particularly on corporate networks.

"IM is becoming favored over e-mail as a distribution vector for malware as a result of e-mail security now being employed by 75 percent or more of companies, while IM security is only employed by 15 to 20 percent of companies," Montgomery said. "The hackers are simply turning to the open door."

/zimages/1/28571.gifRead more here about an animated cursor flaw.

The new IM worms identified include Culler, Nirk, Posse, TermX and MSNDiablo. Culler featured four variants and was the most common. There were also 11 attacks this month on P2P networks, such as Kazaa and eDonkey.

What hasnt changed is how attackers are getting to IM users. The primary means of delivering malware remains social engineering, where users are goaded into downloading malicious code by clicking on a link. The less formal nature of IM also makes it better suited for socially engineered attacks, Montgomery said.

"People are more likely to click on an unknown URL in an IM that appears to be from a buddy that says "check out your picture on the Web!" than they are to click through e-mails with unknown Web addresses," he said.

Security researchers at Akonix did note many more non-English text strings associated with the attacks than in the past.

For example, W32/Culler spreads through MSN Messenger by sending a link promising an animation of President Bush. It arrives as a file named bush.exe, which uses an icon to make it appear to be a Flash animation, Montgomery said. The message sent was "mira esta animacion de bush :P"

"These of course are less likely to be opened/clicked by American recipients, but are clearly targeting different regions of the world," Montgomery said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.