December 7, 2004 9:46 AM PST
Consortium forms IM threat center
IMlogic, which partnered with America Online, IBM, McAfee, Microsoft, Symantec, Yahoo and others, has created the IMlogic Threat Center to post information on the latest IM and P2P threats. This effort comes as IM, in particular, is increasingly becoming a target for security threats.
"The genesis for this idea came from our customer advisory board meetings last year," said Francis deSouza, chief executive of IMlogic, which makes software that helps corporations manage instant-messaging software. "We were discussing industry trends and had noticed (that we had) started to see about 7 percent of the IM traffic was spam and malware. It seemed like a small percentage at the time, but we realized this was how e-mail spam started out and this could go the way of e-mail, so we decided 'Let's do something proactive to protect ourselves.'"
As a result, partners in the IMlogic Threat Center effort have now added another layer of security at the edge of their respective networks with IM "honeypots," which serve as listening posts for suspicious instant-messaging activity.
Information gathered through the honeypots is then relayed back to the operators of the IM networks, as well as security partners, IMlogic customers and anyone who has signed up for the free IMlogic Threat Center alerts.
"We're working with the instant-messaging network to create a global network of honeypots to look for IM spam and threats as they emerge internationally," deSouza said. "Before today, none of our partners had honeypots deployed for IM. They had them deployed to catch e-mail, but not for IM."
The IMlogic Threat Center posts the name and description of the virus, its risk rating, the date that the virus was detected, a list of which IM and P2P products it affects, and prevention steps. The center also offers free e-mail and IM alert notices.
The threats covered range from IM-borne viruses and worms to spam over IM, otherwise known as "spim."
IM spam, for example, can cause security breaches similar to those found with e-mail. Hyperlinks sent via IM can lure people to click on downloads that serve as doorways for viruses. IM spam can also cause network congestion, causing the performance of applications to slow to a crawl.
Other security companies, including McAfee and Symantec, also distribute information about the latest security threats and maintain online threat centers, but deSouza said the IMlogic Threat Center is the only one dedicated to IM and P2P threats.
He asserted that it will not be burdensome for companies to add another alert service because businesses often already receive multiple notices from security vendors about threats to their gateways, network perimeters and desktops.
"Companies usually don't rely on one partner for all their threat notices," he said.