Instant Messaging signposts backdoor into organisations

May 04, 2001 Sophos Press Release

Although the first worm written for the MSN Messenger platform holds little threat to users, it does highlight the potential vulnerability that Instant Messaging (IM) creates in IT security systems, according to Sophos Anti-Virus.

"Businesses that have anti-virus protection at the email gateway could be undoing all their good work by allowing staff to use IM services," said Graham Cluley, senior technology consultant at Sophos. "This isn't just an opportunity for virus infection, it also means users could send and receive unauthorised material without fear of detection. This might easily include confidential documents or pornography."

With the explosion in popularity of IM services, Sophos is advising businesses to think carefully about their security procedures. Sophos suggests that it may be sensible to question whether staff necessarily need access to these services as part of their day-to-day business.

"The message is simple - delete messenger services from your desktops if they are not being used for business purposes," added Cluley. "The FunnyFile worm is no big deal, but it does warn of a potential weakness in many firms' security systems."

Sophos has yet to receive any reports of the W32/FunnyFile worm (also known as the Hello worm) in the wild, but is concerned that IM services may enable users to sidestep gateway anti-virus protection.

Of course, Sophos Anti-Virus deployed at the desktop will detect viruses being sent and received via Instant Messaging services.