Content

Plague of mutant worms targets IM systems

Instant Messaging (IM) systems are coming under sustained attack from a record number of mutant worms, security watchers have warned.

According to IMlogic Threat Center, the recent jump in worm mutations poses the largest threat to corporate and consumer IM use due to the difficulty in consistently maintaining up-to-date virus protection on local and mobile systems. It notes that, as a leading indicator for the number of mutations to expect, the Kelvir worm has mutated 123 times during the last 11 months.

Most disturbing, with the latest mutation trend, is the breadth of threats which have mutated; more than 88 percent of all IM worms tracked by IMlogic Threat Center have demonstrated mutations. In addition, traditional email worms have begun spreading through IM. For example the email Rbot worm which has mutated over 600 times since first being discovered in email, now has over 13 mutations using IM for distribution.

Kelvir was found to be the most prevalent mutant worm, accounting for 41 percent of mutations, followed by Bropia with 10 percent and Opanki with 8 percent of worms that are delivered only by IM. However the number of blended threats using the public IM networks for distribution is also found to be increasing, with over 26 newly detected IM-based mutations appearing in the top three traditionally email distributed worm groups of Rbot, Sdbot and Mytob.

In 2005, 62 percent of mutating IM threats targeted the MSN network via Windows Messenger or MSN Messenger, 25 percent targeted AOL and 8 percent targeted the Yahoo! instant messaging network. During the month of October, more than 70 percent of worms identified delivered malware capable of disabling existing desktop security software and undermined traditional anti-virus detection and protection capabilities.

The combination of IM threats mutating to avoid existing virus protection, the increasing sophistication of IM viruses and the mutations of threats across distribution modes has created IM threats that are more capable of installing malware on the local machine, disabling existing desktop security software and antivirus systems, and capturing sensitive end-user information, IMLogic Threat Center warned.

"The rapid mutation of real-time security attacks over IM networks poses a unique challenge for enterprises," said IMlogic Chief Technology Officer Jon Sakoda.

www.imlogic.com

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.