Companies fight IM malware with honeypots

IMLogic is coordinating security and instant messaging companies in an attempt to fight IM spam
Written by Dan Ilett, Contributor

America Online, Microsoft and Yahoo are supporting a partnership of three security companies who are attempting to thwart instant messaging malware.

McAfee and Sybari have helped IMLogic to build the Threat Center, which aims to protect users from peer-to-peer and IM threats, such as viruses, worms, Spim (spam over IM), and malicious code. It uses honeypots -- servers that will gather information -- on AOL, Microsoft and Yahoo's private IM networks to identify the latest malware.

"I think it's a necessary thing," said Derek O’Carroll, managing director of IMLogic. "IM viruses are on the rise. There's been a whole change in IM. This consortium uses honeypot infrastructure to ensure notifications are sent in real time. It'll allow companies a very quick way of identifying emerging threats on the Internet and security risks in IM and let them react faster."

The Threat Center will provide free IM and email alerts of new threats, protection against SPIM and vulnerabilities in IM clients, servers and networks.

Earlier this year, AOL brought its first court case against alleged 'spimmers' on the same a day when Yahoo, Microsoft and Earthlink sent lawyers to tackle those accused of sending spam by traditional methods.

Experts have said that many UK companies are unsure of the legal implications of using IM as many could be breaking compliance laws. Many companies use IM in the belief that it is exempt from compliance laws, such as Sarbanes-Oxley and Basel II. These regulations demand that companies store all their data for at least seven years. If companies fail to deliver on the regulations, chief executives and chief financial officers could be liable to go to jail.

"A lot of employees use IM as a way of communicating without using the content filters," said Mark Smith, a solicitor from Olwang. "Because IM is more informal than email, people say things on it they sometimes shouldn't. Where corporations use it, if they don't have the correct system implemented, there are loads of issues with monitoring and retention of data."

Editorial standards