
IMPact Report

Summary Analysis of IM & P2P Threats in 2005

According to IDC, more than 28 million business users worldwide use instant messaging (IM) to send nearly 1 billion messages each day at work.

Year on Year Growth
While the use of IM as a primary communication method has increased by 19% in 2005 over 2004, the growth in security incidents enabled by IM, P2P and chat networks is exponentially faster, by a factor of more than one hundred.

[Figure: IM Growth] Security incidents involving the use of chat, IM, and P2P networks are up 2200% in 2005 over 2004.

Incident frequency has increased from one every four days in 2004 to six incidents per day in 2005, with an aggregated growth rate of 90% (CAGR) during 2005 alone. It appears that malware distribution mechanisms and their progenitors are encountering very little in the way of protection in these channels, despite their widespread use in corporations.

[Figure: IM Quarterly Growth] Incident frequency has increased more than 1300% between the first and last quarters of 2005.

Microsoft's MSN continues to attract the largest number of security incidents among the three major public IM networks - 182 were reported to the FaceTime Security Labs in 2005, compared with 43 in 2004. However, the 'honor' of fastest-growing malware distribution channel goes to AIM, up from 9 in 2004 to 117 in 2005.

[Figure: IM Network Increases] Microsoft's MSN continues to attract the largest number of security incidents among the three major public IM networks.

AIM hit the security incident headlines in November 2005 when FaceTime researchers uncovered the full extent of the threat posed by the AIM Rootkit worm. Acting as a backdoor for additional malware to be downloaded, the worm enabled a rootkit-powered botnet, subsequently linked to a Middle Eastern hacking organization, which opened up networks to the theft of usernames, passwords, and other confidential information through the use of keyloggers and other unauthorized system monitoring tools in the course of Internet Relay Chat (IRC) communication sessions.

[Figure: IM Network Attacks] While the MSN network continued to show the largest number of incidents in 2005, year-on-year growth rates were highest for AOL Instant Messenger (AIM).

Attack Vectors and Distribution Channels
Chat is clearly the hacker community's high-vulnerability channel of choice for malware distribution; chat-related vectors accounted for 80% of security incidents in 2005 and showed the fastest growth rate (5608%) over the previous year. File sharing through P2P networks, while the least-used distribution channel in 2005, showed an extremely aggressive growth rate of almost 4000% over 2004 levels, dwarfing IM's growth rate of 950%.

[Figure: IM Vector Attacks] By Q4 2005 it was 19 times more likely that individual viruses and other security breaches would make use of two or more distribution channels than in the first quarter of 2005.

The combined rapid growth rates of chat and P2P as distribution mechanisms are a key indicator of the increased use of multi-channel attacks (also a characteristic of the AIM rootkit). Attacks that use more than one distribution channel increased tenfold between the first and fourth quarters of 2005, equivalent to a 109% quarter-on-quarter growth rate. While most incidents are restricted to the use of two channels, FaceTime researchers have recorded incidents using as many as five different networks, suggesting that both the attacks and the attackers are becoming more sophisticated.

[Figure: IM Vector Increases] By Q4 2005 it was 19 times more likely that individual viruses and other security breaches would make use of two or more distribution channels than in the first quarter of 2005.

Predictions for 2006
FaceTime believes that we will see a continuing increase in both the frequency and complexity of greynet threats in the coming year. The AOL Rootkit was just the beginning; 2005 also saw the use of adware payloads as decoys, encoded URLs that evade detection, and ever more sophisticated social engineering tactics to manipulate users. Additional devices to be on the lookout for in 2006 will include:

  • Attacks aimed at the chat client itself, rather than requiring the user to click on a link for infection to take place
  • More exploitation of BitTorrent, Skype, and other P2P network tools widely used for legitimate purposes in corporations
  • Massively distributed IRC 'farms' where potentially hundreds or thousands of infected user (host) PCs are used to test reworked infections
  • The establishment of botnets for criminal activity or cyberterrorism
  • A greater shift away from standard web-page drive-bys towards more precisely-targeted attacks
  • VOIP-based 'crank calls' via the Internet

Users of other and newer public IM networks such as Google's GoogleTalk should expect to see those networks increasingly become targets for hackers as their customer bases grow.

Key Take-Aways
  • The use of chat, P2P and IM networks as threat distribution vectors is accelerating extremely rapidly
  • Hackers are becoming more sophisticated in both strategy and tactics, with an emphasis on tangible 'rewards'
  • Enterprises are not defending these channels with the rigor required to adequately protect their networks

FaceTime Communications is focused on understanding and protecting corporate networks against the security threat posed by the accidental or intentional use of IM and other greynet applications, including chat and peer-to-peer (P2P) networks.


© Copyright 2003-2008, FaceTime Communications, Inc. All rights reserved.   Privacy Policy