January 03, 2008 | Comments: (0)
IM-based threats still lurking
Over the last several years the malware research community has seen a dramatic shift away from attacks sent to end users via e-mail attachments or instant messages toward greater use of compromised Web sites to distribute nefarious code -- but beware, the IM channel is still harboring plenty of threats.
Many of the IM-based threats are also being used to trick people into visiting said malware-laden Web sites, of course.
According to Akonix Systems, its researchers tracked some 18 new malware attacks being delivered via IM during the month of December '07, bringing the total volume of IM-based threats that it uncovered to 346 for the entire year of 2007.
Considering that Symantec researchers observed some 212,101 new malware attacks during the first half of 2007 alone, the number hardly jumps off the page, but one can imagine that as cyber-criminals begin running into more defense mechanisms used to stop their cross-site scripting threats, for instance, they may turn their attention back to IM channels.
For proof of that notion, just look at the revolving door of spam models that we're seeing in use today, with the people responsible for those attacks increasingly moving back to traditional methods for text inclusion when their higher-tech image files or obfuscation techniques get parried by security vendors.
Sometimes the oldest tricks in the book still work, it would seem.
Some of the newest IM worms identified by Akonix in December include Cargar, Etest and YMWorm. The researchers said that Etest, Mytob and Sohana were the most common attacks that they found, with two variants in circulation apiece.
More disturbing, Akonix reports attacks on P2P networks, such as Kazaa and eDonkey, increased 125 percent in December, compared to November, accounting for 27 attacks. If you buy into what most researchers are predicting for 2008, an increasing number of such Web 2.0 security threats are sure to follow.
The company said that, like other types of threats, IM-based attacks are becoming more sophisticated. Hackers have also begun targeting users of unified communications more directly, with IM threats mixed into their bag of tricks, according to the research report.
"2007 marked an increase in the complexity and harmful design of IM trojans and viruses; we're continuing to see hackers use this popular medium to steal private data from which they can profit," Don Montgomery, VP of marketing at Akonix, said in a research summary.
"In addition, the increasing adoption of unified communications in 2008 will introduce new corporate vulnerabilities and liabilities, including the number of entry points that can be compromised," said the expert.
Thankfully, at least one individual using the tried and true IM channel to proliferate their botnet attack got busted and charged by authorities in late 2007.
Highlighted by the prosecuting United States Attorney's Office for the Central District of California as the "first prosecution of its kind in the nation," John Schiefer, 26, of Los Angeles (aka "Acidstorm"), agreed to plead guilty to four felony counts related to his use of IM-driven botnets to steal information and carry out identity fraud.
Schiefer was charged specifically by the Golden State with accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud in November.
Once convicted, Schiefer faces a maximum prison sentence of 60 years and a $1.75 million fine for operating a botnet of around 250,000 infected computers, installing password-sniffing software on roughly half of them, and then using stolen PayPal credentials to pay for hosting and other resources to help spread his botnet.
The suspect was caught as part of the FBI's Bot Roast II project.
60 years! Wow. I wonder who he'll IM from jail.
Posted by Matt Hines on January 3, 2008 08:46 AM