Yesterday I had a chance to talk to Peter Shaw, CEO of Akonix. Evidently Instant Messaging is becoming a useful vector for hackers. Following in the trail blazed by viruses, IM is being used to propagate worms. Typically the worms use an exploit in Internet Explorer and the IM client in conjunction with spam- like social engineering to spread. In other words, someone gets a message purportedly from a “buddy” that encourages them to visit a link. When they do visit that link the worm is injected into their computer where it takes over their IM client and sends a message to everyone on the buddy list it finds. The news is how these worms are evolving. Some IM worms are multi-service. In other words they will spread over AIM, Yahoo! and MSN services. And, no surprise, the worms are installing Trojans and key stroke loggers to steal identities.
I asked Peter what the next protocol to be attacked will be? His response: “Voice over IP, the SIP protocol”. While I agree that SIP will be an effective attack vector I am more worried about an IM worm that needs no user participation to spread. That could look like Nimda or SQL Slammer all over again.
-------------------------Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records