Instant messaging attacks rise in 2005

MSN and AOL's IM networks experienced a sharp increase in security incidents in 2005

Security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a study published on Monday.

The MSN network experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AOL's AIM network, according to the report, from IM security vendor FaceTime Communications.

In 2005, MSN had a 57 percent share of the attacks, AOL had 37 percent, and Yahoo had 6 percent, FaceTime said in its IMpact report: Analysis of IM & P2P Threats in 2005.

While the incidence rate of attacks over IM is still low compared with email-borne attacks, the rate is increasing rapidly. There were 778 incidents recorded in the fourth quarter of last year compared with 59 in the first quarter, according to the report.

"IM threats are extremely challenging for corporate IT staff because they utilise real-time communications channels and proven social engineering techniques over worldwide IM networks to propagate significantly faster than email-based attacks," FaceTime said in a statement.

Worms and rootkits were at the heart of the main incidents in 2005, according to Chris Boyd, security research manager of FaceTime, who also warned of the growing danger of cross-network attacks.

"Hacker groups are getting more sophisticated, and are beginning to attack across multiple networks. In 2004 AOL experienced the most attacks, but in 2005 there were more crossovers from AOL to the MSN network, as MSN became more popular with users," said Boyd. "There's some really nasty stuff coming through the AOL network, and it's AOL that's being used as a jump off for other networks."

FaceTime explained that exploits can jump networks through IM "consolidation" applications, such as Trillian or Gaim, that let users combine contacts on multiple IM networks in one list.

Boyd also warned that the hackers are working on new exploits: "Hacker groups have large [compromised] server farms to experiment with propagating exploits. They hide Trojans and viruses, and control these botnets via IRC."

MSN declined to comment specifically on the FaceTime statistics, but agreed that the threat posed by IM was increasing.

"Unfortunately, over the last year the industry has seen viruses and other online threats spread through IM systems, often via Web site links," said an MSN spokesperson. "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them."

AOL had not commented on FaceTime's statistics at the time of writing.

FaceTime warned last November that one hacker group had taken control of 17,000 PCs using an IM worm, and Boyd confirmed that this area was still causing problems.

"The main and nastiest infections come from the Middle East — we've found a viper nest of hacker dens there," said Boyd. "We've found that lots of hardcore Middle Eastern hacker groups have embraced IM as a launch pad for attacks. They share common knowledge in Arabic to a high degree."

The motivation for these attacks isn't financial, he claimed: "For these gangs, financial gain is less important than making serious political statements. They engage in Web page defacement, and some claim the war as motivation," said Boyd. "The FBI is involved — they've looked at the data we've collected and have used it as a basis for investigation."

The FBI could not confirm or deny whether the data had been passed to them. "We encourage individuals and organisations to come forward to report any suspected crime, but provide confidentiality for them," an FBI spokesperson said.