IM threats – going one of two ways

Warnings are increasing about the threat posed from attacks over instant messaging, and according to one firm in the enterprise IM space the current threat is reaching one of the highest levels witnessed – while some are suggesting the threat will be a flash in the pan.

FaceTime provides secure enterprise IM solutions for business and claim the coming together of recent threats and vulnerabilities has made for a very insecure IM landscape.

Kailash Ambwani, CEO of FaceTime, told silicon.com: "We're seeing lots of activity with respect to viruses and worms spreading on IM."

Ambwani said the threat posed by attacks over IM is at the level email reached a few years back – a tipping point where, unhindered, the growth could become very worrying for businesses rapidly adopting IM for internal and external communications.

"The penetration of IM is now at a level where it has become a very interesting target for an attack," said Ambwani. The open port to the internet represents a particularly open window for attackers.

"Companies have invested a lot in security, but if you've locked all the doors and then left an open window round the back you're going to get attacked. And IM is definitely an open window," added Ambwani.

However, as reported on silicon.com earlier, Alexander Gostev, senior virus analyst at Kaspersky Labs, has expressed his belief that IM threats will be quickly brought under control as firms act to control the use of IM within the corporate network.

But that has parallels with thoughts some years ago that computer viruses too would be a flash in the pan. Gostev instead likened the issue of IM viruses to those which propagate via P2P services such as Kazaa, but many companies are warming to the use of IM as a business tool, while the case for banning P2P was more of a no-brainer.

Graham Cluley, senior technology consultant at Sophos, agrees that simply switching off IM is not a reasonable defence, given the benefits businesses are feeling from instant messaging, but suggests companies do need to address whether all employees actually need IM.

Cluley added companies should also consider "a policy of only allowing internal IM communications rather than a free-for-all where you can chat instantly to anyone on the net".

And better IM etiquette may be needed to combat increasingly sophisticated attacks.

FaceTime's Ambwani warned that Trojans infecting users' machines are now capable of propagating freely using the user's buddy list of contacts and generating text.

Those attacks spreading via IM may appear as a message window from a contact. It may open with nothing more than a link, or a common line of text, such as 'Hey, check this out'.

It's a tactic users are now familiar with in their email inbox, but Ambwani warned the immediacy of IM may be its undoing.

Ambwani warned some worms may even generate several lines of fairly generic text to fool users into thinking it really is their contact sharing the link, often preying on that fact the first lines of IM conversation often tend to be non-sequential and out of synch anyway.

An example might be:

johnsmith2005: How you doing?
petebrown84: ok... what about you?
johnsmith2005: Can't believe the weather today
petebrown84: Did you go out for those drinks last night?
johnsmith2005: ...sorry mate, can't stop and chat, check out this link...

Such a conversation may at first look to come from the real John Smith, given the random nature of IM chat at the best of times, but such generic text should not necessarily be trusted.

Ambwani suggested better IM etiquette is called for – never sending links without first a line of text identifying the sender is genuine and waiting for enough correct and reasonable answers to suggest there is a real person on the other end.