Hackers use IM to 'steal' personal info

Hackers are increasingly using Instant Messaging (IM) applications to fool users into installing malicious code and revealing personal information, according to security firm Websense. The number of combined IM- and Web-based attacks has increased by 300 percent in the first quarter of 2005 compared with the last quarter of 2004.

Hackers are increasingly using Instant Messaging (IM) applications to fool users into installing malicious code and revealing personal information, according to security firm Websense.

The number of combined IM- and Web-based attacks has increased by 300 percent in the first quarter of 2005 compared with the last quarter of 2004. The company said that indicates hackers have realised that unmanaged IM software can be extremely dangerous in a corporate environment.

Dan Hubbard, senior director of security and technology research at Websense, said hackers are using social engineering and exploiting programming vulnerabilities to gather information.

"IM will continue to be used as a social engineering tool to gather information about users and an as a means of dropping malicious code onto user's machines. The identity of users is often anonymous, and the very nature of real-time communications like IM presents a new opportunity for attack," said Hubbard.

Market research firm IDC estimates that by 2008, around 450 million people will be using an IM product. Brian Burke, IDC research manager of Security Products, said that hackers are already exploiting problems with today's IM systems.

"Traditional security measures taken by organisations against IM can leave a technology gap open for hackers to exploit by creating new IM attacks methods. Employees who are not familiar with these new threats can easily open a new seemingly innocuous IM message that pops up on their screen. With that one click of the mouse, they can get infected," said Burke.