Although the first worm written for the MSN Messenger platform
holds little threat to users, it does highlight the potential
vulnerability that Instant Messaging (IM) creates in IT security
systems, according to Sophos Anti-Virus.
"Businesses that have anti-virus protection at the email gateway
could be undoing all their good work by allowing staff to use IM
services," said Graham Cluley, senior technology consultant at
Sophos. "This isn't just an opportunity for virus infection, it
also means users could send and receive unauthorised material
without fear of detection. This might easily include confidential
documents or pornography."
With the explosion in popularity of IM services Sophos is
advising businesses to think carefully about their security
procedures. Sophos advocates that it may be sensible to question
whether staff necessarily need access to these services as part of
their day-to-day business.
"The message is simple - delete messenger services from your
desktops if they are not being used for business purposes," added
Cluley. "The FunnyFile worm is no big deal, but it does warn of a
potential weakness in many firms' security systems."
Sophos has yet to receive any reports of the W32/FunnyFile worm
(also known as the Hello worm) in the wild, but is concerned that
IM services may enable users to sidestep gateway anti-virus
protection.
Of course, Sophos Anti-Virus deployed at the desktop will detect
viruses being sent and received via Instant Messaging services.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.