Security threat to IM set to increase
More messaging features mean more ways for hackers to access data, Trend Micro claims
INSTANT messaging (IM) attacks are only going to get worse as exploit code becomes more readily available online, security giant Trend Micro warned this month.
“Scamming for information is as old as gossip,” said Justin Doo, regional director for Trend Micro Middle East and North Africa (MENA). “Now it is technology that defines how it is done. These days, phishing for credit card details or log-in access has moved from the most common technologies — such as e-mail and web pages — to instant messaging,” he added.
With IM now taking place using different forms of technology, such as on PCs, between smartphones and via WiFi, the means by which it can be attacked are growing, the company warned.
“The yearly roundups and forecasts show that interest in IM was previously tentative because of its limited capability,” said Doo. “Now that IM has richer features, and given the trend of malware today, IM attacks will be here to stay, and will grow until specific security measures are implemented both technology-wise and by users,” he went on to say.
According to Trend Micro’s own research, there are now between 90 and 100 different malware variants that are spread via IM. Trend Micro warns that worm variants such as Kelvir, Agobot and Bropia can also be spread via IM as well as being spread via attachments to e-mail messages.
The worms have the option to make use of a number of unpatched vulnerabilities since exploit code is readily available to malware authors on the internet — this means, according to Trend Micro, that IM threats are likely to increase.
“Because we live in a world where information is key, and because IM is quicker in message delivery than e-mail, the growing popularity of online chat communities and discussion groups exposes users to an ever growing number of possible contacts,” Doo commented.
Doo said he believed attacks on IM will increase in sophistication and that IM malicious code would make itself harder to detect by mutating several of the elements that security systems use to identify it.
“To protect yourself, make sure you use powerful anti-virus and anti-spyware products, and keep them up to date with the latest pattern files,” Doo said.
“Additionally do not click on suspicious links or download dubious files,” he added.