Smartphone risk
There's another potential IM time bomb. The communications software is becoming popular for exchanging messages between smartphones and computers, which means it could help viruses spread from PCs to mobile devices.
Vincent Weafer, senior director of Symantec's Security Response organisation, says that once IM threats begin to spread rapidly, it will be hard to keep them off of wireless gadgets.
"A huge amount of IM is now translated onto smartphones, especially in Europe and Asia," Weafer says. "So when you start looking at the problem, there's the reality that some of these threats could merge with the mobile threats."
Weafer contended that even when IM software makers address new viruses, it will be very hard to get people to update their devices, especially mobile phones.
"It's a social engineering issue," he says. "It's not so difficult to correct software flaws, but it's a monumental task in order to get people to download patches, or even to be aware that they need to get the necessary changes."
On the other hand, viruses that spread through PC-based IM clients might not be able to infect phone-based IM software, Weafer pointed out. In addition, most handset makers download automatic software updates to their models, which means they could protect devices without telling consumers they were doing so.
Neither AOL or Microsoft have made plans to launch marketing campaigns to alert people to IM threats, representatives for the companies says.
The increasing popularity of public IM applications in workplaces has opened corporate networks up to the threat of attacks too. But businesses tend to be less vulnerable targets than consumers, experts says, because most companies already have already installed firewalls and other protective technology. In addition, many companies won't allow employees to download certain files, such as attachments, over public IM networks.
Despite all this, some experts have predicted that a sharp increase in instant messaging virus attacks could cause many businesses that do not use corporate IM systems, or customised software meant just for in-house use, to reconsider whether to let workers install the applications.
According to these industry watchers, the best way to help people protect themselves is to instil the same distrust regarding Web links or attachments sent via IM that they have been taught to apply to email.
"People will need to relearn what they've been told in the past about email, but there are some new things, and it will take time to get the message across," says Shane Coursen, senior technology consultant for antivirus researcher Kaspersky Labs. "Software companies can only do so much to inform their customers. You have to convince them to look at every link or attachment with suspicion."
