Efforts by security professionals have been very effective over the past few years. The walls that protect network perimeters are higher than ever. Email is filtered, scanned, and stripped of malware and attachments of known exploitable file types. These developments present the external attacker with greater challenges. Looking for an easier way to get through network defenses, he’s beginning to exploit the inherent weaknesses of IM. In fact, recent attack trends indicate that IM is quickly moving to catch up with email as the favorite method of unauthorized access to business networks.
In the first quarter of 2005, there were 59 reported incidents of attacks that used IM. The number increased to 779 in the fourth quarter, with worms and root kits heading the IM malware list (Espiner, 2006). Continued increases of this magnitude will result in a shift away from hardened email systems and network perimeters to the softer target presented by IM. Figure 1 depicts a simple network with an IM user.
This document is in PDF format. To view it click here.