IM threats rocketing - and rocking firms

The number of threats targeting instant messaging (IM) is soaring, with one vendor reporting its own data shows a 1,500 per cent increase in threats year-on-year.

IMLogic's Threat Center reported the huge increase in threats occurring between October 2004 and October 2005. Of these threats 87 per cent of unique IM-targeted attacks were worms, 12 per cent were viruses and one per cent were client vulnerabilities, according to the research.

However, very few have caused serious damage on a grand scale although Francis De Souza, CEO of IMLogic, told silicon.com an unlucky 13 companies on the Fortune 50 have been hit with an IM-related security incident in the past six months.

He also cited one instance where 10,000 desktops were taken out in one incident.

De Souza told silicon.com: "Attacks you can do over IM are more powerful. You don't just send messages, you can take over somebody's PC.

"IM is built for the very rapid spread of information. Messages get where they're going very quickly but this means threats can also spread very quickly."

However, De Souza admitted there is yet to be the level of outbreak or serious threat which will really put the issue in the spotlight.

"But we've had a few shots across the bows," he said.

The most commonly targeted service over the past year was MSN Messenger, which was targeted in 62 per cent of instances. Second was AOL (31 per cent) and third was Yahoo! (seven per cent). However, last month saw a reversal of the top two, with AOL targeted 66 per cent of the time, MSN 33 per cent and Yahoo! one per cent.

The stats also revealed that all threats exploited some form of social engineering in order to launch, such as tempting users with an enticement to click on a link or attachment, suggesting it is still with the power of the users who employ common sense to protect themselves.