Plague of mutant worms targets IM systems

Instant Messaging (IM) systems are coming under sustained attack from a record number of mutant worms, security watchers have warned.

According to IMlogic Threat Center, the recent jump in worm mutations poses the largest threat to corporate and consumer IM use due to the difficulty in consistently maintaining up-to-date virus protection on local and mobile systems. It notes that, as a leading indicator for the number of mutations to expect, the Kelvir worm has mutated 123 times during the last 11 months.

Most disturbing about the latest mutation trend is the breadth of threats that have mutated: more than 88 percent of all IM worms tracked by IMlogic Threat Center have demonstrated mutations. In addition, traditional email worms have begun spreading through IM. For example, the Rbot email worm, which has mutated over 600 times since first being discovered in email, now has over 13 mutations using IM for distribution.

Kelvir was found to be the most prevalent mutant worm, accounting for 41 percent of mutations, followed by Bropia with 10 percent and Opanki with 8 percent of worms that are delivered only by IM. However, the number of blended threats using the public IM networks for distribution is also found to be increasing, with over 26 newly detected IM-based mutations appearing in the top three traditionally email-distributed worm groups of Rbot, Sdbot and Mytob.

In 2005, 62 percent of mutating IM threats targeted the MSN network via Windows Messenger or MSN Messenger, 25 percent targeted AOL and 8 percent targeted the Yahoo! instant messaging network. During the month of October, more than 70 percent of worms identified delivered malware capable of disabling existing desktop security software and undermined traditional anti-virus detection and protection capabilities.

The combination of IM threats mutating to avoid existing virus protection, the increasing sophistication of IM viruses and the mutations of threats across distribution modes has created IM threats that are more capable of installing malware on the local machine, disabling existing desktop security software and antivirus systems, and capturing sensitive end-user information, IMlogic Threat Center warned.

"The rapid mutation of real-time security attacks over IM networks poses a unique challenge for enterprises," said IMlogic Chief Technology Officer Jon Sakoda.
