Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Your Next IM Could Be Your Network's Last: Page 3 of 4

Akonix's Don Montgomery, the San Diego-based company's vice president of marketing, agreed in a statement issued Tuesday. "It's just a matter of time before we see an IM or P2P attack that will bring down entire networks," Montgomery said.

"The scary part is that the IM worms are becoming very smart on how they use buddy lists," said Gilliland. "You could see infection happening relatively instantaneously."

In 2004, Symantec ran simulations that showed an IM worm could spread to s many as 500,000 machines in under 30 seconds.

"An automated, network-style IM worm would be orders of magnitude faster than that," claimed Gilliland.

One answer, put forward by several IM-oriented security vendors, including IMlogic and FaceTime, is to use behavioral-based defenses to quickly detect an ongoing IM attack, then quarantine infected systems before the exploit can spread.

IMlogic, for instance, uses something it calls RTTPS (fro Real-Time Threat Protection System) to shut down an attack, even a nearly-instantaneous one. "RTTPS looks at client behavior in the client protocol or the system itself, then when it detects odd behavior, blocks any transmission from that client to others on the network," said Gilliland.