In an attempt to get a jump on the spread of malware through instant messaging, a group of security firms has banded together to create a community of watchdogs that will share information about potential threats.
Led by IMlogic, which sells enterprise security software for IM systems, the group comprises security companies MacAfee and Sybari Software and IM providers America Online, Microsoft and Yahoo. IMlogic has set up a free “threat center” where it will post information on viruses, worms and vulnerabilities in IM and peer-to-peer networks identified by the group.
E-mail alerts will be sent to anyone who requests them when new threats are identified, and IMlogic will send instant updates to its software customers to block the new threat. The IM networks will monitor their traffic to try to quickly identify any suspicious activity.
Sounding the Bell Early
“An essential part of protection is detection,” IMlogic CEO Francis deSouza told TechNewsWorld. He said the pattern of IM’s growth is mimicking the earlier pattern of e-mail’s growth, which gives security companies a leg up in the understanding of how malware will begin to spread.
“The genesis behind the threat center was to take a proactive stand,” deSouza said. While the threat of malware arriving through e-mail is still much higher than through IM, the number of IM malware threats is doubling every six months, he said. In addition, IM malware can be more insidious, spreading much more quickly and looking even more innocuous when received.
“People are more likely to click on URLs in IM messages, or accepting files without knowing they are accepting them,” deSouza said. “On e-mail, people generally know what they’re doing.”
Most e-mail users are aware that opening an executable file (.exe) from an unknown source is a danger, but many don’t know what an IM threat looks like. It can be carried in a URL from somebody in your buddy list, deSouza said. IMlogic’s software is designed to block known malware URLs from reaching IM users.
The threat will only grow as the use of IM spreads and as IM interconnectivity spreads with it. In the past, users had to be on the same IM system, but that is changing. This summer, Microsoft announced it would open its enterprise IM server to allow communication with MSN Messenger, Yahoo Instant Messaging and AOL Instant Messaging. That means that malware can jump from one system to another.
In addition, deSouza said, malware writers are beginning to create viruses and worms that can take advantage of any software opening on a system and spread through it. That means that if your e-mail is secure but your IM isn’t, the worm, which may have first sought to infect a system through e-mail, will find the hole in IM and exploit it.
DeSouza said he is hopeful that early detection and the ability to take the lessons learned from the spread of malware through e-mail will make this battle a little easier.