Malware findings 2007: instant messaging and P2P

FaceTime announced its initial findings of 2007 malware trends affecting today’s enterprise networks through instant messaging (IM), P2P file sharing and chat applications. During 2007 there were 1,088 incidents reported over all IM, P2P, and chat vectors.

Within the IM category, 19 percent of threats were reported on the AOL Instant Messenger network, 45 percent on MSN Messenger, 20 percent on Yahoo! Instant Messenger and 15 percent on all other IM networks including Jabber-based IM private networks. Attacks on these private networks have more than doubled in share since 2003, rising from seven percent of all IM attacks to 15 percent in 2007.

In 2007 researchers saw a shift in the non-IM vectors used to distribute viruses, malware and spyware. Most notable is the rise in IRC-distributed attacks: in 2006, IRC accounted for 58 percent of attacks, rising to 72 percent by year-end 2007.

During 2007, FaceTime researchers noted an increasing use of social engineering to propagate threats across IM networks and Skype, as well as over social networking sites such as MySpace.

Hackers often use social engineering – manipulation with contextual language to trick victims into clicking on links that launch infected files – to propagate malware over IM networks as well as within social networking sites. The lures range from an IM appearing to be from a trusted buddy to fake MySpace comments, messages or friend requests. The files may take the form of multimedia (JPEGs or movie files) or traditional executable files.

For example, in September 2007 a virus propagated through MSN Messenger delivering a .zip file full of malicious code. Victims received messages appearing to be from those on their buddy lists saying “Do you remember this girl? I can’t believe she took this pic… do you know her?”

In November 2007, a Skype worm propagated via a message stating “help me find this girl,” accompanied by an executable file named “photo,” which deposited a large number of infected files on the victim’s computer.
