Industry buzz - IT Security

Instant Messaging and Security

Instant Messaging (IM) is increasingly popular as a tool for communicating over the Internet. It is a real-time addition to, and a replacement for, e-mailing. It allows two-way instant communication in real-time, and because of this the majority of its users feel it is a more effective and efficient way of communicating. But does it pose a threat to the security of a company's IT infrastructure?

IM consists of clients and servers; the providing vendor could be AOL, ICQ, Yahoo or MSN (different protocols dictate the chosen vendors' interoperability with other IMs). IM allows not only the transfer of text, but also documents and files - this is potentially a backdoor for Trojan Horses. Hackers can use IM to gain backdoor access to PCs without opening a port; this circumnavigates desktop and perimeter firewalls. A hacker won't need to scan unknown IP-addresses but simply trawl through a book full of trusted 'buddy lists'. The implication of this is that all the files on a PC can be shared using the IM client, which in turn could lead to the spread of files that are infected with a virus or other malware.

The threat from IM worms is increasing, and vendors are reacting to the threat from Trojan Horses, Denial of Service attacks and Information Disclosure. There are vendors out there who have reacted, but the threat remains that the IM network as a whole is at risk.

IM is unlikely to exceed email as the primary cause of infection, but companies should not disregard the threat.

Share / Bookmark Subscribe to this post's comments using RSS