January 10, 2006 9:51 AM PST
Study: Instant-messaging attacks rose in 2005
Microsoft's MSN network experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on America Online's AIM network, according to the report, published Monday by IM security vendor FaceTime Communications.
In 2005, MSN had a 57 percent share of the attacks, AOL had 37 percent and Yahoo had 6 percent, FaceTime said in its "Impact report: Analysis of IM & P2P Threats in 2005."
While the incidence rate of attacks over IM is still low compared with e-mail-borne attacks, the rate appears to be increasing rapidly. There were 778 incidents recorded in the fourth quarter of last year compared with 59 in the first quarter, according to the report.
"IM threats are extremely challenging for corporate IT staff because they utilize real-time communications channels and proven social engineering techniques over worldwide IM networks to propagate significantly faster than e-mail-based attacks," FaceTime said in a statement.
Worms and rootkits were at the heart of the main incidents in 2005, said Chris Boyd, security research manager at FaceTime who also warned of the growing danger of cross-network attacks.
"Hacker groups are getting more sophisticated and are beginning to attack across multiple networks. In 2004, AOL experienced the most attacks. But in 2005 there were more crossovers from AOL to the MSN network, as MSN became more popular with users," Boyd said. "There's some really nasty stuff coming through the AOL network, and it's AOL that's being used as a jump-off for other networks."
FaceTime said that exploits can jump networks through IM "consolidation" applications, such as Trillian or Gaim, which let people combine contacts from multiple IM networks on one list.
Boyd also warned that the hackers are working on new exploits. "Hacker groups have large (compromised) server farms to experiment with propagating exploits. They hide Trojans and viruses, and control these botnets via IRC," he said.
MSN declined to comment specifically on the FaceTime statistics, but agreed that the threat risk via IM networks was increasing.
"Unfortunately, over the last year, the industry has seen viruses and other online threats spread through IM systems, often via Web site links," an MSN representative said. "We recommend that customers do not click on attachments or links in IM without confirming their validity with the person who sent them."
AOL had not commented on FaceTime's statistics at the time of writing.
FaceTime claimed last November that one hacker group had taken control of 17,000 PCs using an IM worm, and Boyd said this area was still causing problems. "The main and nastiest infections come from the Middle East. We've found a viper nest of hacker dens there," he said. "We've found that lots of hardcore Middle Eastern hacker groups have embraced IM as a launchpad for attacks."
The motivation for these attacks isn't financial, he claimed: "For these gangs, financial gain is less important than making serious political statements. They engage in Web page defacement, and some claim the war as motivation," said Boyd. "The FBI is involved--they've looked at the data we've collected and have used it as a basis for investigation."
The FBI would not confirm or deny whether the data had been passed to them. "We encourage individuals and organizations to come forward to report any suspected crime, but provide confidentiality for them," an FBI official said.
Tom Espiner reported for ZDNet UK.