The IMlogic Threat Center has published a pair of reports on instant messaging security recapping 2005 and looking forward to 2006.
According to the organization, 2005 was a year of growing sophistication for IM security threats, with 2006 promising to continue that trend as criminals are attracted to the opportunities IM’s rapid spread provides.
The 2005 review included hard numbers on the total number of unique threats faced by IM users. It claims a “1,693 percent increase in reported incidents of new real-time security threats,” and says there were “2,403 unique IM and P2P threats, including IM-specific attacks and blended threats which target IM and P2P applications.”
According to the report, 2005 was a year of unfortunate firsts in IM security, with the propagation of the first “intelligent worm,” which chatted with its intended victims to lull them into installing its payload; and the advent of worms designed to take advantage of IM clients capable of accessing multiple networks.
Not all networks were equally targeted by malicious software.
The report said Microsoft’s MSN Messenger was the target of 57 percent of reported IM security incidents, though a recent Radicati group report pegged Messenger’s share of the worldwide IM market at about 25 percent.
AOL/ICQ, which Radicati reports holds a 56 percent share of the market, was the target of 34 percent of the attacks reported by the IMlogic Threat Center; and Yahoo’s IM offering, holding 19 percent of the market, was the target of nine percent of reported attacks.
Looking ahead to next year, the “IMlogic Top 5 Instant Messaging Security Risks for 2006” report says major threats will include IM network interoperability, which has been on the agenda of the major IM players since last year; increasing technological sophistication on the part of attackers, and increasingly heavy corporate losses due to intellectual property leaks.
“Intellectual property loss will come to the forefront as IT and security organizations begin monitoring file transfer usage more closely as part of established corporate IM communications policies,” the center said in a statement.
Copies of both reports are available at the IMlogic Threat Center Web site.