Over the last four years, I've been saying that instant messaging (IM) is a security threat waiting to happen. While a few random computer viruses over the years have exploited IMs, there's been a definite uptick in IM-borne virus activity within the last few weeks. Most of these IM-borne viruses have targeted MSN Messenger, although the ever popular AOL IM is not without its own problems. Microsoft's recent announcement regarding greater IM capabilities within Microsoft Office, however, could set the stage for faster and more efficient computer virus attacks in the very near future.

How IM works
IM requires a downloadable client running on your hard drive and an open connection to the Internet. Unlike e-mail, which uses the same port all the time--port 25--and can therefore be scanned, filtered, and managed for security purposes by corporate IT, IM apps use a variety of Internet ports and run different protocols, sometimes making it difficult for IT departments to set up security tools to monitor them.

	IM-borne viruses appear as a message sent from someone you know, inviting you to click an attached file or a Web link for a self-proclaimed sexy photo or awesome information.

Like e-mail, IM clients include contact lists, sometimes called buddy lists. Unlike e-mail, however, IM clients also report whether you're sitting at your keyboard--an emerging privacy issue. Virtually none of the proprietary messengers use encryption, which is why financial institutions usually either ban their use entirely or opt for specially encrypted chat apps. And unlike e-mail, IM messages are in real time and often read like a transcript of a phone conversation rather than a formal letter. It is this spontaneity--like having an impromptu conversation around the water cooler--that often induces us to lower our guard, making us vulnerable to IM-borne phishing scams and viruses, such as Kelvir and Bropia.

How viruses via IM work
Like traditional e-mail viruses, IM-borne viruses appear as messages sent from someone you know, inviting you to click an attached file or a Web link for a self-proclaimed sexy photo or awesome information. And like e-mail viruses, IM-borne viruses steal your IM contact lists (to send itself to other hapless IMers) and require you to open the file or visit an infected Web page in order to become infected. But unlike e-mail viruses, which can be stopped en masse at the corporate mail server, IM-borne viruses hit randomly and sometimes with blinding speed.

To some degree, virus writers have included IM as a possible vector for their malicious code for several years. A few recent computer viruses, however, have been written exclusive to MSN Messenger. And within a few days of their appearance, we soon witnessed multiple variations.

A single virus that can infiltrate e-mail, IM, and mobiles (such a triple-threat beast has yet to exist, but the tools are there now) might soon infect large parts of the Internet within 15 minutes or less.

But there's more to it. Assiral is a recent e-mail virus that attempts to remove Bropia IM virus infections while infecting you with its own virus, and Crog (alias Summon or Serflog), an IM-borne virus that attempts to prevent anyone from ever removing it. This scenario sounds a lot like last year's e-mail viruses Netsky, MyDoom, and Bagle. Summon and Assiral appear to be signs that traditional virus writers are getting comfortable with and even territorial over IM. And there's a reason why they might want to claim this territory early.

Why IM viruses should be worrisome to Microsoft
In the coming months, you'll hear Microsoft chairman Bill Gates making a big deal out of presence--the ability to communicate in real time with anyone, anywhere. With Microsoft Office Communicator 2005, a new productivity app designed to find and connect people in real time (expected to ship within the first half of 2005), users of Microsoft Office with Live Communications Server 2005 will be able to determine from within any Office app who on your Outlook contact list is currently online, then contact them via e-mail, chat (using MSN, AOL, and Yahoo), or by phone. Like simple IM, Communicator will provide the benefit of spontaneous meetings online. That's the upside.

The downside is that a single virus that can infiltrate e-mail, IM, and mobiles (such a triple-threat beast has yet to exist, but the tools are there now) might soon infect large parts of the Internet within 15 minutes or less. Such "Andy Warhol" viruses have been suggested for years but have failed to materialize. Perhaps Microsoft's marriage of IM into Office will be the perfect vector for such maliciousness.

Prevention
Fortunately, many antivirus apps now block malicious downloads from infected Web pages and prevent malicious code from executing on your hard drive. But that assumes you have antivirus protection. For more comprehensive IM protection, there's nothing quite like Zone Labs IMsecure, which specifically watches for malicious activity via instant messengers. A better choice, however, is ZoneAlarm Internet Security 5.5, which includes IMsecure along with its award-winning firewall and antivirus protection from Computer Associates.

Should you give up your IM access if viruses writers keep using it? Why or why not? Talk back to me