Viruses and worms can come in from many directions
For a long time, email was the primary vector for viruses, before that floppy discs carried bugs from pc to pc. Then came network worms exploiting windows security vulnerabilities which led to the rise of firewalls and the increase in viruses piggy-backing into the system through browser bugs. But, any program that listens for data coming from the network could be an entry way for good traffic, or bad. The Securityfix is talking today about November being a record month for Instant Messenger worms.
It’s one of those “vectors” that’s not thought about as much, but is just as much a risk. But you have a firewall shouldn’t that protect you? Well, no… the instant messenger typically opens the ports through the firewall so that it can receive data from the outside world. So, to repeat the above, any network service (any program that listens for network connections) is a possible security risk.
It looks like Microsoft’s network is the most targeted for the year, but AIM became a greater target from October on. 62 worms were counted in November by Akonix (who sells Instant Messenger Security solutions…)
Most Instant Messenger worms target IRC (Inernet Relay Chat), most of the main network (Yahoo/MSN/AIM/etc.) worms are not very destructive (yet.) The company that did the study (Akonix) says fewer than 5% of users use antivirus protection specific for Instant Messenger’s. I think this is a vector that will be taken advantage of more and more.
Virus writers basically are going after “low hanging fruit”. The objective is to infect as many systems as possible, so they will go where the vulnerabilities are. Instant messengers are prime targets for that. I find that I hardly ever just leave an Instant messenger running all the time. I know some that do. For those, it’s important to at least keep it updated from your Instant Messenger vendor.