Worms sent via IM pose serious, growing threat
Virulent new worms that exploit vulnerable instant messaging (IM) clients and could infect hundreds of thousands of computers in seconds are a real threat for Internet users worldwide, according to security researchers from Symantec Corp. A small but growing number of documented IM security holes and the rapid adoption of IM technology within corporations are combining to pose significant risks of infection and information theft, the two researchers said Friday at the Virus Bulletin conference in Toronto. Currently, there are about 60 published IM vulnerabilities, according to Eric Chien, chief researcher at Symantec Security Response in Dublin, Ireland. Those range from security holes that could be used to crash IM clients in denial of service (DOS) attacks to those that allow attackers to remotely install and run malicious code on computers running the vulnerable IM clients. Such vulnerabilities are already being used by hackers to compromise individual machines, Chien said.