IMlogic's Threat Center said its data showed that huge increase in malicious code aimed at IM services between October 2004 and October 2005. Of these, 87 percent of unique IM-targeted attacks were worms, 12 percent were viruses and one percent was client vulnerabilities, according to the research.
Very few of the attacks have caused serious damage, according to. However, an unlucky 13 companies on the Fortune 50 have been hit with an IM-related security incident in the past six months, said Francis De Souza, CEO of the company, which provides products to protect messaging systems against attacks. He cited one instance in which 10,000 desktops were taken out.
"Attacks you can do over IM are more powerful. You don't just send messages, you can take over somebody's PC," De Souza said.
"IM is built for the very rapid spread of information," he added. "Messages get where they're going very quickly, but this means threats can also spread very quickly."
De Souza acknowledged that instant messaging services have yet to see the level of outbreak or serious threat which will really put the issue in the spotlight. "But we've had a few shots across the bows," he said.
The most commonly targeted IM service over the past year was MSN Messenger, whichof 62 percent of instances, according to IMLogic's data. Second was American Online's with 31 percent, and third was with 7 percent. September 2005 saw a reversal of the top two, with AOL targeted 66 percent of the time, MSN 33 percent and Yahoo 1 percent.
The IMlogic statistics also indicated that all threats exploited some form of social engineering in order to launch. These included techniques such as tempting users with an enticement to click on a link or attachment, suggesting it is still within the power of users who employ common sense to protect themselves.
Will Sturgeon of Silicon.com reported from London.