Under the Radar: IM Emerging as a Stealth Threat
Instant messaging has moved out of your kid's bedroom and into the office next door. And this could spell trouble for your network security administrator. First, though, they have to know it's there -- and many don't.
Because IM clients reside on users' desktops and communicate with the outside world using http, it is difficult to identify IM messages from everyday Web traffic. Yet, IM clients are basically interpretation programs, like Microsoft Word, that can execute all manner of attachments, thus creating a backdoor into the corporate network, said Fred Cohen, a principal analyst with the Burton Group.
"Companies that don't have a proper policy in place and the technological safegards to support that policy have big (security) holes," he said.
While there are products to control, track and/or block the usage of IM, few IT managers have fielded solutions. Instead, they focus their time on more immediate and well-defined threats such as viruses, hackers, worms and Trojans, Cohen said. Yet, blended threats that look for the easiest entry into the network -- either email or IM -- are becoming more common.
While 17% may not seem like much of a threat, the actual number of users is probably much higher since most employees are not likely to admit they use it, said Francis deSouza, founder and CEO of IM Logic, which makes IM tracking and management software.
deSouza has seen research indicating IM usage is common in up to 84% of companies. Some 20 million employees are estimated to be IM users, he said, yet the commercial IM products, such as Lotus Sametime, account for only a few million seats.
"That tells you ... most of these companies have their users on AOL, MSN or Yahoo!," he said.
As Web-based and browser-based attacks that require no opened attachment from which to launch also increase (such as the recent Sasser virus and Web pages that need only be visited to release a viral payload) IM becomes even more of a threat to corporate networks, said Richard Kagan, vice president of Marketing for Fortinet, a hardware firewall maker.
"It's incredibly common for links to be embedded in IM," he said. "Much more so than attachments; 'Here, check this out' and bang, you're done."