Under the Radar: IM Emerging as a Stealth Threat

Although not nearly as pervasive as email or Web browsers, instant messaging (IM) is becoming more and more popular in the corporate world. Yet most IT managers have no idea how widespread IM is within their organizations. And this is a problem — specifically, a security problem.

Because IM clients reside on users’ desktops and communicate with the outside world using http, it is difficult to identify IM messages from everyday Web traffic. Yet, IM clients are basically interpretation programs, like Microsoft Word, that can execute all manner of attachments, thus creating a backdoor into the corporate network, said Fred Cohen, a principal analyst with the Burton Group.

“Companies that don’t have a proper policy in place and the technological safegards to support that policy have big (security) holes,” he said.

While there are products to control, track and/or block the usage of IM, few IT managers have fielded solutions. Instead, they focus their time on more immediate and well-defined threats such as viruses, hackers, worms and Trojans, Cohen said. Yet, blended threats that look for the easiest entry into the network — either email or IM — are becoming more common.

According to a recent Websense/Harris Interactive poll of employee Web use, 17% of employees admit to using IM and 37% of those users also admit to downloading and opening attachments via IM, yet 64% of companies do not officially sanction its use.

While 17% may not seem like much of a threat, the actual number of users is probably much higher since most employees are not likely to admit they use it, said Francis deSouza, founder and CEO of IM Logic, which makes IM tracking and management software.

deSouza has seen research indicating IM usage is common in up to 84% of companies. Some 20 million employees are estimated to be IM users, he said, yet the commercial IM products, such as Lotus Sametime, account for only a few million seats.

“That tells you … most of these companies have their users on AOL, MSN or Yahoo!,” he said.

Lurking Links

As Web-based and browser-based attacks that require no opened attachment from which to launch also increase (such as the recent Sasser virus and Web pages that need only be visited to release a viral payload) IM becomes even more of a threat to corporate networks, said Richard Kagan, vice president of Marketing for Fortinet, a hardware firewall maker.

“It’s incredibly common for links to be embedded in IM,” he said. “Much more so than attachments; ‘Here, check this out’ and bang, you’re done.”