Worms and viruses have traditionally infected email addresses and files in computers, but now malicious software (malware) can infect your system through instant messaging (IM).
Similar to spam, spim comprises unsolicited messages sent via IM. It can be used to lure unsuspecting users to websites designed to collect private information.
The most prevalent threats to IM include password stealing, impersonation and privacy intrusion, among others. Internet security firm Symantec says that three per cent of malicious code was propagated though IM in 2007 and it has risen to 4 per cent in 2008.
“Because IM was initially developed for social chats, security was not a priority. Now that IM use is increasing in business, attackers are finding that most IM systems are virtually unprotected, so threats to it are quickly increasing,” said Shantanu Ghosh, VP, India Product Operations, Symantec.
Much like threats sent by email, worms and Trojan horses via IM can compromise the user’s IT system as it can configure the client to give access to all files on a computer via peer-to-peer file sharing. This makes the whole computer system vulnerable to attackers. Moreover, the hacker can have access to the user’s screen name and his entire list of IM contacts
These attacks can also harm the intellectual property of enterprises. “This is a good way of spreading malware and employees may not even be aware of the ramifications of their IM conversations,” said Steve Redman, president, Asia Pacific, McAfee, Inc.
Abhinav Karnwal, product marketing manager, APEC, Trend Micro, says that while IM has become one of the favorite ways to keep in constant touch for most internet users, there are several steps that enterprises can take towards creating a more secure IM environment for their employees like educating them, enforcing company policies on the proper uses of IM, encrypting IM conversations besides installing desktop firewalls and antivirus on all machines.
