Instant Message Security


Instant messaging is an increasingly popular method for communicating over the Internet. Because of this almost immediate two-way communication, many users feel that the use of instant messaging in the workplace leads to better communication and, therefore, to higher productivity. As a result, IM is increasing the recognition in both professional and personal applications. However, as with most things Internet based, the increasing use of instant messaging has led to an associated increase in the number of security risks. IM networks are an increasingly common channel for the spread of malware such as viruses, worms and spyware. IM and spyware applications are both network-enabled applications that operate outside the control of the corporate IT department. This highlights the dilemma facing both IT staff and security vendors.

What makes Instant Messaging different from a security prospective is that it is astonishingly faster than email and can be easier to fall for. The reasoning is that most Trojans and worms are spread through buddy lists, and since people tend to trust their friends and coworkers, they inevitably fall victim. Thus as more users get infected, it spreads even quicker, and because of six degrees of separation, essentially every person will be hit at some point in time.

How IM Viruses Work


Like traditional e-mail viruses, IM-borne viruses appear as messages sent from someone you know, inviting you to click an attached file or a Web link for a self-proclaimed sexy photo or awesome information. And like e-mail viruses, IM-borne viruses steal your IM contact lists (to send itself to other hopeless IMers) and require you to open the file or visit an infected Web page in order to become infected. But unlike e-mail viruses, which can be stopped in masses at the corporate mail server, IM-borne viruses hit randomly and sometimes with blinding speed.

external image 050307_messenger_hmed_5p.hmedium.jpg

Main Security Risks


According to the research firm Gartner, 90% of people with business email accounts will also have IM accounts by 2010, despite 70% of IT executives claiming to have banned IM programs from their networks. It is clear that regardless of whether IM programs are authorized or not, IM security is becoming a large factor in the overall security of a network. The following list demonstrates many common security risks that are being exploited via the use of IMs:
  • Spyware, Trojans, Viruses, and Worms
  • File Transfer Attacks
  • Spam over IM (SPIM)
  • Identity Theft
  • Client Vulnerabilities
  • HTTP Tunneling and Port Crawling
  • Confidential Information Leaks

Types of Viruses


The number of instant messaging worms is rising steadily. This is made clear when one considers the list of recent IM worms:


What is being done?


Talks of a unified messaging system is in the works where all virtual communication is controlled at once and made easier to manage. Strict policies are being set for businesses where all chats are logged and certain situations there are "Chinese walls" that only allow you to talk to certain other groups.
Multiple IM defender programs are springing up in order to help businesses and casual users.

Akonix was the first company to provide a product that offers IM security and archiving with its L7 Enterprise software in 2002. Although there are now many other companies to provide such software, most of them are very similar with regards to the way they operate and handle instant messages. The L7 Enterprise software does more than just block IM attacks; it is a full suite of services that logs instant message conversations (as required by law for businesses), prevents unauthorized use of IM programs, limits IM applications and features, and defends against SPIM and other unwanted instant messages. It also supports all major public IM programs, is tamper-proof, and is transparent to the end user.

IM Defenders


PPM_IM-082806.jpg

Conclusion


Because hackers generally target specific computer systems, they aren’t the biggest threat for any instant messaging network as a whole. On the other hand, worms are non-discriminate and target all computer systems of a particular network. As a result, they appear to pose the biggest threat for the future. There have been worms that use security exploits and become widespread in a very short amount of time. Code Red and Nimda are examples of worms that used security exploits to spread themselves quickly.

The number of worms for instant messaging is increasing each month, and looking at the success of some of these worms, clearly instant messaging is an up and coming platform for malicious threats. Furthermore, there are many exploits available for the various clients. As a result, security professionals and end users alike need to be aware of the security issues involved with instant messaging. As with any Internet-based technology, the best way to make ensure the security of instant messaging services is to educate users of the risks involved and the means of justifying those risks, preferably before a serious incident occurs.