The Next Big Virus Threat: Instant Messaging

Symantec warns that virus writers will soon exploit gaping holes in chat clients like AOL's AIM and MSN Messenger.

In the past, viruses needed help. They couldnt infect your machine unless you opened an e-mail-attachment or another malicious file. Nowadays, viruses can attack on their own. Like the MS Blaster worm or the more recent Sasser, they can burrow onto your machine through a vulnerability, or hole, in your operating system or another piece of software. In the summer of 2003, Blaster infected more than 10 million people worldwide by exploiting a known vulnerability in Microsoft Windows XP.

Since Blaster, Microsoft has done a much better job of patching the security flaws in end-user operating systems. According to the company, three times as many people downloaded the patch that protected against Sasser as did the one that prevented Blaster. But theres still a gaping hole in millions of systems across the Internet that seems to have gone unnoticed. Symantec, makers of Norton Antivirus, says the next big worm is likely to exploit flaws in instant messaging clients—and it will spread faster than any other worm on record.

"Code Red was able infect every vulnerable machine on the Internet in 14 hours. Slammer was able to do it in 20 minutes," says Eric Chien, chief of research at Symantec Security Response. "An instant-messaging threat could spread to a half a million machines in 30 or 35 seconds."

This is particularly worrying because IM clients are widely used on business machines. The Radicati Group estimates that 26 percent of American companies use instant messag-ing as an official corporate service and that another 44 percent would acknowledge that their employees use instant messaging on their own. This jibes perfectly with estimates from the Gartner Group.

Click here for the complete story at