Instant Messaging: A new recipe for SPAM

Instant Messaging (IM) and technologies providing 'presence' make those who need to reach you aware of your availability and able to engage you instantly.

IM and other presence tools are accelerating the pace of work and flourish in dynamic or disparate work environments, where time-zones or crammed schedules can make conventional meetings or communication difficult.

The ease of installation and configuration, as well as the novelty factor of IM and presence applications, make them attractive to users, and their deployment can effectively circumvent corporate policies and controls.

The issues

However, public (internet-accessible) IM applications on a network open up a new window of opportunity for attackers to target internal workstations and bypass the normally stringent access controls at the perimeter.

IM may provide great opportunities to increase collaboration and productivity, but can lead to security vulnerabilities, breaches of confidentiality, or virus infection.

IM spammers are developing sophisticated software which automatically sends messages - mainly touting pornography - to millions of users, and can automatically change screen names and spoof IP addresses when it is determined that a particular account has been suspended or blocked.

Recommended Actions

The following steps go a long way towards helping curb the level of threat and manage risk:

  • Refine the corporate security policy to address acceptable usage for IM and presence applications
  • Block all communications from outside the corporate network, unless originating from a trusted source/third party
  • Disable file sharing capabilities to block malware such as viruses and worms
  • Manage and archive IM communication to ensure compliance with regulation and permit auditing for acceptable usage

January 2006
