"Hey, I thought you would be interested in this …" I know a guy who got an IM from a trusted friend. The message said, “Hey, I thought you would be interested in this.” This was link-underlined, so he quickly clicked it.The result was, to refer back to last week’s column on “24,” as if President Palmer had decided to use the nuclear option and bombed a country and that country instantly began bombing back — and then everyone with a bomb began to let fly. Whatever he had clicked on instantly began sending the same “Hey, I thought you would be interested in this” message to everyone on his buddy list. If any buddies clicked the link, he then received yet another message in return.When this guy checked his e-mail, he saw a message from his trusted friend telling him not to click on any instant messages from said friend. Too little, too late. Instant messages are just that — instant — and so are their viruses. What this guy clicked on was most likely Oscarbot-B or Doyorg, two new worms that hijack the list of contacts or “Buddies” in an infected user’s IM account.On machines where the infection successfully occurs, the worm creates a back door into the IRC to download and run files upon the instruction of the attacker, turning the PC into a zombie or bot.Although the initial attack happens as rapidly as a SWAT team taking down a kitten, the infection cycle remains fairly benign unless there are further instructions from the attacker. This is typical of many initial malware and virus attacks, says Francis Costello, chief marketing officer of IM security vendor Akonix Systems. “Many initial attacks are benign at first. They are essentially dry runs to test designs, so that attackers can determine how successful they can be in the future.” According to figures from Akonix, attacks against major IM networks rose 400 percent last quarter over the previous year’s figures. There were 25 major IM attacks in the first quarter of 2005, up from a measly five in the same quarter last year.Aside from the increase, Costello says, Akonix is also seeing more damaging attacks this year. “In addition, we’re seeing more mutations of an attack, which makes it more difficult to defend,” he adds.Costello advises IM users to be cautious about accepting everything they receive via their IM network. “IM is a trusted relationship, but you can’t really count on that. You have to make sure you’re getting a legitimate message,” he explains. For corporations, he recommends (not surprisingly) using a product such as Akonix’s perimeter security tool to maintain IM integrity. But even that can be difficult, Costello admits.“IM is somewhat different than corporate e-mail. In some cases, people using IM don’t separate their personal and office use and that makes it even more difficult to police,” Costello says.Individuals might also use an open source IM client (the equivalent of using Firefox instead of IE) such as GAIM. Not all corporate VPNs work with these open source clients, however, so they require extra diligence. For the time being, the next time I … I mean, this guy … gets an instant message, I think he’ll be a bit more careful. Software Development