IM Worms: The Next Generation of Malware

by Preston Gralla

Wondering where the next generation of malware will come from? Just take a look at your instant messenger program. You'll find the answer there.

Email worms aren't much of a danger these days -- anti-virus software catches them, system administrators know how to combat them, and users have smartened up so they're less likely to be fooled by them.

But Malware The Next Generation is headed your way --- directly from your instant messaging program.

That's the conclusion of a new report by Alexander Gostev, Senior Virus Analyst of Kaspersky Lab, that traces the evolution of malware from January through March of this year.

The report notes that the first part of 2005 brought a "notable increase" in IM malware. Most alarming, said Gostev, was that it appears this type of malware is in its infancy, and at the moment is most likely being written by inexperienced "script kiddies." He draws that conclusion because most of the IM malware is written in Visual Basic. Most target MSN Messenger. When more sophisticated programmers get into the act, expect the malware to become more dangerous and insidious.

Don't count on your anti-virus software being of help; not all detect IM malware. And much IM malware relies on social engineering --- for example, an IM will appear to come from a friend, telling you to click a link. It's really from the malware, and when you click a link, malware is downloaded.

So just because you haven't been hit by an email worm recently, doesn't mean you should feel smug. IM malware is headed your way, and it most likely will pack a bigger wallop than today's rudimentary malware worms.

What do you think about the dangers of IM malware? Have you been victimized? Let me know.