
But IT departments will act quickly to stop it...
Published: 19 April 2005 09:30 GMT
The number of instant messaging worms is on the rise – but users should expect only a short-lived surge before tech administrators act against IM in their companies, a security expert has claimed.
There have been around 40 different worms or variants spreading via IM applications so far this year, the majority of which have targeted Microsoft's MSN Messenger service. Alexander Gostev, senior virus analyst at Kaspersky Labs, said most of these worms were written in Visual Basic and contain similar source code – a sure sign that script kiddies were most likely responsible.
"VB is one of the easiest programming languages to master, but it's unsuitable for serious projects… The source code for some early IM worms was published on a number of virus writers' sites, and most of the new worms are clearly based on this code," said Gostev. "The evidence currently points to IM worms being the domain of script kiddies."
According to Gostev, IM worms are at a similar state of evolution to P2P worms three years ago, which means in the short term a significant increase in the amount of malware targeting IM applications should be expected.
"Between 2002 and 2004, when P2P worms first appeared, they were also mostly written in VB and targeted one P2P client, Kazaa, the most popular client at the time… As P2P-worms were simple to create, and spread rapidly, several hundred families appeared, with numerous versions in each. The increase in this type of malware reached its peak in 2003, with more than 10 new versions being detected every week," said Gostev.
Gostev said that the rate at which P2P worms were evolving slowed rapidly in 2004, which is how he also expects the IM worm 'lifecycle' to unfold.
"The rapid evolution of P2P worms slowed dramatically in 2004 and they currently comprise an insignificant percentage of contemporary malware. It seems likely that IM worms will have the same life cycle," said Gostev.
As administrators realised the dangers of P2P applications and restricted or denied access to those services, they became less of a problem, which is what will have to happen if IM attacks are to be contained.
"System administrators and security managers should be focusing their attention on the potential threat which IM applications represent. One option would be to forbid the use of IM applications in enterprise settings until security improves," said Gostev.
Munir Kotadia writes for ZDNet Australia.
You will liaise with support teams, systems administrators and end users. Desirable skills and qualifications include: ITIL, Microsoft IIS and a ...
To be responsible for maintaining all VB Script configuration changes pertaining to the Desktop and Citrix environments. Ensuring All ...
Excellent knowledge of networking and hosting fundamentals, TCP/IP, DHCP, DNS, firewalls, load balancers, web and database servers, Datacentre ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy