Security vendor Akonix Systems has tallied 170 instant messaging (IM) threats so far this year, the company said this month, a 73% increase over the same period last year.
The figures show a sharp rise in instant messaging-based attacks, according to Akonix, with 20 threats detected in May alone and an average so far this year of more than one new threat per day.
The most common new threat was Culler, followed by MSNDiablo and Hakaglan, with one variant each, Akonix said. The company also counted 11 threats in May circulating on peer-to-peer (P2P) networks.
The attacks rely on social engineering to spread malicious code, typically sending a link that appears to come from an IM contact.
Because of the informal nature of IM, such tricks are more likely to succeed than they would in an email message, where users are more cautious, Akonix said.
The company said attackers are increasingly targeting instant messaging as a way to get around the email-based security systems now installed in around 75% of companies. Akonix estimates that only 15 to 20% of companies have IM security in place.
Industry analysts have repeatedly warned of the dangers of allowing IM into the workplace, but corporate IM systems nevertheless have been slow to gain popularity.
Another growing trend is the use of non-English text in the attacks. For instance, Culler, the most widespread new attack in May, uses a Spanish-language string promising an animation of President Bush: "mira esta animacion de bush :P".
The downloaded file, bush.exe, makes some effort to appear to be a Flash animation, according to Akonix.