IM viruses finally come of age


For years, we've all enjoyed the benefits of instant messages. Now virus writers are targeting IMs and, unwillingly, Microsoft could soon provide them with an effective means of launching a major virus attack.

Over the last four years, I've been saying that instant messaging (IM) is a security threat waiting to happen. Although a few random computer viruses over the years have exploited IMs, there's been a definite increase in IM-borne virus activity within the last few weeks. Most of these IM-borne viruses have targeted MSN Messenger, although the ever popular AOL IM is not without its own problems. Microsoft's recent announcement regarding greater IM capabilities within Microsoft Office, however, could set the stage for faster and more efficient computer virus attacks in the very near future.

How IM works
IM requires a downloadable client running on your hard drive and an open connection to the Internet. Unlike email, which uses the same port all the time -- port 25 -- and can therefore be scanned, filtered and managed for security purposes by corporate IT, IM programs use a variety of Internet ports and run different protocols, sometimes making it difficult for IT departments to set up security tools to monitor them.

Like email, IM clients include contact lists, sometimes called 'buddy' lists. Unlike email, however, IM clients also report whether you're sitting at your keyboard -- an emerging privacy issue. Virtually none of the proprietary messengers use encryption, which is why financial institutions usually either ban their use entirely or opt for specially encrypted chat programs. And unlike email, IM messages are in real time and often read like a transcript of a phone conversation rather than a formal letter. It is this spontaneity -- like having an impromptu conversation around the water cooler -- that often induces us to lower our guard, making us vulnerable to IM-borne phishing scams and viruses, such as Kelvir and Bropia.

How viruses via IM work
Like traditional email viruses, IM-borne viruses appear as messages sent from someone you know, inviting you to click an attached file or a Web link for a self-proclaimed sexy photo or awesome information. And like email viruses, IM-borne viruses steal your IM contact lists (to send themselves to other hapless IMers) and require you to open the file or visit an infected Web page in order to become infected. But unlike email viruses, which can be stopped en masse at the corporate mail server, IM-borne viruses hit randomly and sometimes with blinding speed.

To some degree, virus writers have included IM as a possible vector for their malicious code for several years. A few recent computer viruses, however, have been written exclusively for MSN Messenger. And within a few days of their appearance, we witnessed multiple variations.

But there's more to it. Assiral is a recent email virus that attempts to remove Bropia IM virus infections while infecting you with its own virus, and Crog (alias Summon or Serflog) is an IM-borne virus that attempts to prevent anyone from ever removing it. This scenario sounds a lot like last year's email viruses Netsky, MyDoom, and Bagle. Summon and Assiral appear to be signs that traditional virus writers are getting comfortable with -- and even territorial over -- IM. And there's a reason why they might want to claim this territory early.

Why IM viruses should worry Microsoft
In the coming months, you'll hear Microsoft chairman Bill Gates making a big deal out of presence -- the ability to communicate in real time with anyone, anywhere. With Microsoft Office Communicator 2005, a new productivity application designed to find and connect people in real time (expected to ship within the first half of 2005), users of Microsoft Office with Live Communications Server 2005 will be able to determine from within any Office program who on their Outlook contact list is currently online, and then contact them via email, chat (using MSN, AOL and Yahoo) or by phone. Like simple IM, Communicator 2005 will provide the benefit of spontaneous meetings online. That's the upside.

The downside is that a single virus that can infiltrate email, IM and mobiles (such a triple-threat beast has yet to exist, but the tools are there now) might soon infect large parts of the Internet in 15 minutes or less. Such 'Andy Warhol' viruses have been suggested for years but have failed to materialise. Perhaps Microsoft's marriage of IM into Office will be the perfect vector for such maliciousness.

Prevention
Fortunately, many antivirus programs now block malicious downloads from infected Web pages and prevent malicious code from executing on your hard drive. But that assumes you have antivirus protection. For more comprehensive IM protection, there's nothing quite like Zone Labs' IMsecure, which specifically watches for malicious activity via instant messengers. A better choice, however, is ZoneAlarm Security Suite 5.5, which includes IMsecure along with its award-winning firewall and antivirus protection from Computer Associates.

Story URL: http://reviews.zdnet.co.uk/0,1000000193,39193693,00.htm
