Instant Messaging attacks increase 723 percent in Q1

Gartner predicts that all enterprises will be using Instant Messenger (IM) by 2010, which should send alarm bells ringing as IM attacks have increased by more than 700 percent in the past year.The analyst group predicts that penetration levels for enterprise-grade IM will rise from around 25 percent today to nearly 100 percent by the end of the decade.

Gartner predicts that all enterprises will be using Instant Messenger (IM) by 2010, which should send alarm bells ringing as IM attacks have increased by more than 700 percent in the past year.

The analyst group predicts that penetration levels for enterprise-grade IM will rise from around 25 percent today to nearly 100 percent by the end of the decade.

Security vendor MessageLabs, meanwhile, reports that incidents of worms, viruses and other threats transmitted via IM increased a whopping 723 percent in the last 12 months (based on findings from between January to March 2006 and January to March 2007).

In a video interview, the general manager of AusCERT Graham Ingram said that public IM is often transmitted unencrypted and through unknown servers.

"The more IM is used, the more it's going to be a platform the bad guys will gravitate to," he said. "There is growing evidence that it is a vector. IM needs to be really looked at closely."

Patrick Runald, Senior Security Specialist for F-Secure said that at the same time IM is replacing email, it's also presenting greater risk to the organisation.

"When you think about an IM worm, it knows which contacts are online," he said. "It also knows which version of software [is being used] and can target any vulnerabilities in any version."

Runald said users also assume they can trust any IM message from somebody they know.

"Don't trust [everything], even if it's coming from your friend," he said. "Make sure you have security software in place, make sure it's updated, and make sure you update your IM software."

To meet the new threats posed by widespread IM use, Gartner advocates the use of security services by vendors such as Facetime, Akonix or Symantec/IMLogic.