More than 200 million people worldwide used them in 2003 and according to estimates, this number should exceed 500 million in 2006. Obviously, Internet users can’t get enough of instant-messaging which offers such services as notifying users of incoming emails, indicating which friends are online, offering instant chat rooms (sometimes even accompanied by sound and images), provides for sharing all kinds of files, info on weather or breaking news, and we could go on. Faster than traditional email, these tools guarantee real-time conversation and lately have even enabled telephone calls over the web. Aware of the market’s importance, the famous search engine Google launched its own instant-messaging software, Google Talk, at the end of August.
There is no way that such a popular tool could avoid attack from virus creators. Ideal for reaching a large number of users and spreading all sorts of files, instant-messaging services have recently become the favoured targets of hackers. Forty new threats targeting these tools were observed in the first three months of 2005. According to a recent study, the number of malicious codes affecting instant-messaging services increased by 24% last July. And according to the experts, this trend isn’t going to stop anytime soon. The threat may even become more serious: until now the viruses affecting these programs were often written by “script-kiddies", young hackers with little experience. Now that more experienced hackers are entering the field, it seems like instant-messaging services will share the same fate of P2P networks (Peer to peer, file-sharing platforms).
Kelvir, Oscabot, Rants, Hagbard, Bizex: these mysterious names hide viruses which have caused considerable damage to users of instant-messaging services. MSN, Yahoo, AOL or ICQ, all the known sites – or nearly all – have been targeted by the pirates. Some of these viruses represent a limited threat due to their poor propagation. This was the case with Bizex, which attacked ICQ users in February 2004. The virus’ modus operandi is by now standard: the user receives an instant message inviting them to visit a website. After clicking on the suggested link, the Internet user ends up on a site containing a booby-trapped animation. But other similar codes have caused more serious damage: classified as a level 2 risk by Symantec, the Kelvir virus blocked Reuters’ professional instant-messaging service (based on MSN Messenger), thereby preventing communication between the agency’s employees and clients. Like the other viruses, Kelvir spreads through bogus instant messages, which seem to come from an acquaintance and which invite the user to visit an infected site. Once it has infiltrated its victim’s computer, it sends itself to all the contacts recorded in the software.
Some of these viruses, such as Hagbard, spread through both instant-messaging services and P2P networks. The malware traps its victims with file names referring to crack software or key generators for games. If the user clicks on the contaminated file, their Internet Explorer start page is modified and a web server which spreads the infection is installed on their machine. Last April, the Chod worm, classified as a level 2 (out of 5) risk by Symantec, targeted users of MSN Messenger and stole their passwords to numerous programs (including AOL and Yahoo Messenger). While some of these viruses also spread through P2P networks, they don’t yet inflict as much damage as the codes specifically designed for these networks such as Nopir, which spreads on eMule, Kazaa, Morpheus, and Gnucleus and deletes all the computer’s COM and MP3 files.
Current antivirus software – such as Norton AntiVirus 2006 – block viruses transmitted by instant-messaging services. They also analyze files received through these applications. However, in addition to software solutions, a few rules can also help you to protect yourself. General safety rules regarding emails also apply to instant messages. Don’t click on links contained within dubious messages. Configure your message service so that unknown contacts can’t send you messages or include you in their list of contacts. But don’t blindly click on messages coming from friends or acquaintances either, they aren’t necessarily safe!
