GCN Tech Blog

By GCN Staff

Blog archive

The gathering IM storm

We've not yet encountered one here at the GCN Insider desk, but we're hearing more and more reports of malware targeting instant messaging clients. It's only natural, really. We've probably ignored the issue for as long as we have because instant messaging has been slow to take off in the enterprise (meaning legitimately, under the watchful eye of IT shops).

Agencies that don't have tight client computing policies and configuration management systems can assume they have users who've downloaded standard IM clients. Those users are likely IM-ing co-workers to help them do their jobs better--it's a great tool. But they're also probably IM-ing friends and family. As IM becomes a bigger target, locking it down is more important.

Akonix Systems today said its analysts and security partners had identified 17 IM attacks this month and 111 over the first six months of 2006. They have names like BlackAngel, Gaobot, Tilebot and Mesoto. They target IM, Internet Relay Chat and peer-to-peer networks (most seem aimed at IRC). Many are garden-variety Trojans and worms that install themselves in the user's registry and allow outsiders to access the user's system.

In other words, security pros know these types of threats, but they may not have paid as much attention to IM as an avenue for attacking the enterprise. For its part, Akonix has been doing IM security for a while and trying to impress on enterprises the gathering IM security threat. The company makes IM appliances and enterprise software (it also offers free trials).

As you'd expect, IM security is fast becoming its own market. Earlier this year Symantec Corp. bought a company called IMlogic to bolster its IM Manager software. Trend Micro is also among the many companies selling IM security products, in this case for Microsoft Office Live Communications Server. And FaceTime Communications, like Akonix, sells appliances and monitors IM threats.

By some reports, though, enterprises still don't take IM security as seriously as they might. Apparently they're of the opinion that they don't want to invest in technology until they're sure a threat exists (which is to say, until they're brought down by an IM attack).

Understandable, but potentially regrettable. In a time of tight IT budgets, it can be hard to decide where the dollars go. Staying on top of the trends is a key step.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Jun 28, 2006 at 9:39 AM


Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.