IM Worms

I've been reading up on IM Worms, and came across a really good, concise primer on the subject: On Instant Messaging Worms, Analysis and Countermeasures by Mannan and van Oorschot. There's of course plenty of material on Wormblog, but this is probably the best written I've seen yet.

I got interested in the topic after seeing some PR from a company called IMLogic. They talk abou IM worms pretty much exclusively and are full of doom and gloom -- yet I'm on about fifty zillion IM networks and I've only seen (maybe) three instances, and I have plenty of contacts, both security-wise and not-so-much. So, I was curious why I (and my customer sites) weren't seeing more.

Today, it seems like there's a ton of potential for the vector -- especially the OSCAR networks. But, I guess e-mail is still doing the job for the worm writer's ultimate goals.

Plus, I really don't see many people falling for IM phishing quite yet -- people don't tend to communicate with their banks over IM, so the transaction would feel inherently strange to the victim.

But, it sure does seem like a great way to install keystroke loggers in a jiffy, until the IM networks get some intelligence built in to halt this sort of thing.