Return to UOCC HomeComputing News Home
Header bar

Threat of Instant Messenger Worms Grows

Trevor Sehrer
tsehrer@oregon.uoregon.edu

As the use of instant messaging software such as AOL Instant Messenger, MSN Messenger, and Yahoo! Messenger grows, so to does the threat of infection by instant messenger (IM) worms.

Recently, there has been a tremendous increase in the number of IM worms out in the wild. According to the IMlogic Threat Center, over 30 new threats to instant messaging software have been recorded since the beginning of 2005 alone.

Unlike traditional worms, IM worms have the advantage of propagating in an environment with a built-in list of potentially vulnerable hosts. While a regular worm needs to scan for future hosts to attach to, the buddy lists that are an intrinsic part of IM software help take the guesswork out of finding new hosts to infect. This is similar to how email-borne viruses spread through address books. As with email-borne viruses, IM infection requires some form of user participation, such as clicking on a link or accepting an unsolicited file transfer request.

Fortunately, IM attacks have not yet wreaked the havoc caused by earlier infestations such as CodeRed or Sasser, but many experts feel it is only a matter of time until worm authors find a way to allow the worm to spread without requiring user intervention.

What Can You Do to Protect Yourself?

Absent removal of IM software, there are a number of things you can do to help mitigate the IM worm threat:

  1. Don't click on unsolicited links. While chatting, if out of the blue you receive a file transfer request from a colleague, or a URL that contains a link to an executable or rarely seen file format (.PIF for example), spend a few keystrokes validating the identity of the sender.
  2. Update, update, update. Most vendors release updated versions of their IM clients on a regular basis. When you update, not only do you get new software that often includes additional features and bug fixes, but you also lower the risk to your computer should a high-level IM worm threat emerge.
  3. Enterprise users should use enterprise class IM software. Many software vendors sell corporate and institutional software suites for consumer IM clients. These enterprise class software packages use cryptography and other features to help protect the interests of large businesses. In addition, they provide a more secure infrastructure that is less friendly to IM threats.
  4. Use a different client. Since IM worms are crafted to target a specific client, by using a client such as Gaim or Trillian, you not only receive the benefit of having multiple IM protocols in one client, but you also substantially reduce your risk of becoming infected with an IM worm.
Following these tips will give you a leg up on providing a strong measure of security against the current onslaught of IM worms, as well as helping you guard against future threats.
Spring 2005 Computing News | Computing Center Home Page