IM worms: the rise before the fall

The number of instant-messaging (IM) worms is on the rise but users should expect only a short-lived surge before tech administrators act against IM in their companies, a security expert claims. There have been around 40 different worms or variants spreading via IM applications so far this year, the majority of which have targeted Microsoft's MSN Messenger service.

The number of instant-messaging (IM) worms is on the rise but users should expect only a short-lived surge before tech administrators act against IM in their companies, a security expert claims.

There have been around 40 different worms or variants spreading via IM applications so far this year, the majority of which have targeted Microsoft's MSN Messenger service. Alexander Gostev, senior virus analyst at Kaspersky Labs, said most of these worms were written in Visual Basic and contain similar source code -- a sign that script kiddies were most likely responsible.

"Most new IM-worms target MSN Messenger and are written in Visual Basic... VB is one of the easiest programming languages to master, but it's unsuitable for serious projects... The source code for some early IM-worms was published on a number of virus writers' sites, and most of the new worms are clearly based on this code. The evidence currently points to IM-worms being the domain of script-kiddies," said Gostev.

According to Gostev, IM worms are at a similar state of evolution to P2P worms three years ago, which means in the short term we should expect a significant increase in the amount of malware targeting IM applications.

"Between 2002 and 2004, when P2P worms first appeared, they were also mostly written in VB and targeted one P2P client, Kazaa, the most popular client at the time... As P2P-worms were simple to create, and spread rapidly, several hundred families appeared, with numerous versions in each. The increase in this type of malware reached its peak in 2003, with more than 10 new versions being detected every week," said Gostev.

Gostev said that the rate at which P2P worms were evolving slowed rapidly in 2004, which is how he also expects the IM worm 'lifecycle' to unfold.

"The rapid evolution of P2P-worms slowed dramatically in 2004 and they currently comprise an insignificant percentage of contemporary malware. It seems likely that IM-worms will have the same life cycle," said Gostev.

As administrators realised the dangers of P2P applications and restricted or denied access to those services, they became less of a problem, which is what will have to happen if IM attacks are to be contained.

"System administrators and security managers should be focusing their attention on the potential threat which IM applications represent. One option would be to forbid the use of IM applications in enterprise settings until security improves," said Gostev.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All