IMLogic publishes two Top 5 Security Risks for Instant Messaging in 2004 and 2005, respectively. In 2005, the top 5 is as below:
- Blended Threats Include Instant Messaging
- Identity Theft, Spoofing, and Phishing over IM
- Advanced Spyware and SPAM over IM
- Information Security Leaks over IM
- Targeted Attacks on Enterprise Domains
while the top 5 in 2004 is:
- Viruses and Worms over IM
- Identity Theft and Authentication Spoofing
- Tunneling Through Firewalls
- Information Security Leaks
- SPIM or Spam over Instant Messaging
What differs 2005 against 2004 is that the priority of SPAM/SPIM: increased to 3rd from 5th. The openness and inter-op of IM services and clients will worsen the SPAM/SPIM threats in the near future.
Virus infections are most often sent via file transfers that bypass traditional gateway anti-virus security. IM and P2P attacks also push URLs to malicious code hosted on the Internet which can be downloaded and executed on local machines.