QUOTE |
Companies whose workers use one of the free public instant-messaging networks, such as AOL, Microsoft, or Yahoo--risk malicious attacks that could make the quick-spreading Sasser worm look like a snail, said a security analyst said Friday. "In instant messaging, we have a lot of the same security issues as in E-mail and networks," said Eric Chien, a senior researcher with Symantec's security response team. "Attacks can come in as attachments. There have already been some IM-related worms that send themselves to people on your buddy list, and IM lacks encryption." Public IM services such as those hosted by AOL, Yahoo, and Microsoft are extremely popular in the workplace. According to a recent study by the Ridicati Group, by the end of 2008, 88% of business IM users will rely on a public network. "No one wants to pay for something that they are already using for free," Ridicati analyst Genelle Hung said in an interview Monday. Using public IM networks poses some special problems for businesses. "IM the guy down the hall, and the message doesn't stay within the perimeter, as does E-mail," Symantec's Chien said. "It goes from the desktop onto the broader Internet to, say, Yahoo's servers, then from their servers back to the guy down the hall." That means it's difficult for a company to secure the clear-text of IM sent over public networks--and makes it much easier for hackers to exploit any IM client vulnerabilities. |