
Press Release

FaceTime Reports IM & P2P Malware is Packing a Bigger Punch

Increasingly complex and stealthy malware combines with risky employee behavior to create ongoing challenges for securing enterprise networks

FOSTER CITY, CALIF. - January 16, 2007 - FaceTime Communications, the leading provider of solutions for securing and managing IM, P2P and Web-based greynets, today announced its analysis of malware affecting today's enterprise networks through instant messaging, P2P file sharing, and chat applications. In an analysis of threats tracked or identified by FaceTime Security Labs, 1,224 unique threats on greynet applications were reported in the past year, with attacks over peer-to-peer networks increasing by 140 percent over 2005 and multi-channel attacks increasing from 18 percent in 2005 to 29 percent of all attacks in 2006.

While the number of unique malware instances is down vs. 2005, when more than 2000 threats were identified, FaceTime researchers warn that the nature of today's malware is more dangerous and can cause greater damage. The threats are more complex, stealthier than ever before and are propagating through multiple channels, making them harder to identify and protect against. FaceTime researchers expect this trend to continue as malware creators are more technically savvy and better-funded, using social engineering to create botnet armies at their disposal. Risky employee behavior on the Internet has become one of the biggest network security concerns for enterprise organizations.

Increasing Maliciousness More Important than Number of Malware Attacks
Researchers at FaceTime Security Labs have gone beyond raw data collection to seek out, analyze and expose the perpetrators behind today's malware threats, many of which use social engineering to propagate through IM, peer-to-peer networks and social networking web sites. The clear motivation is financial, with the major malware discoveries of 2006 all pointing toward botnets designed to gather personal or banking data for malicious means.

"The numbers alone don't tell the story," said Chris Boyd, director of malware research at FaceTime Security Labs. "It is more important to understand that, although major network disruptions don't seem to result from malware attacks propagated via IM, the sophistication, complexity and stealthy behavior of these threats make them far more dangerous.

"The sources of the most insidious threats we identified in 2006 are not the glory-hungry hackers of yesterday. These are cyber-criminals and click-fraud experts who are well funded, extremely savvy, and their M.O. is to stay in the background and collect as much information as they can before moving on to the next target. To be discovered by taking down a network would be counter-productive to their criminally-motivated financial goals," added Boyd.

Chris Boyd, along with Wayne Porter, director of special research for FaceTime Security Labs, will explore and expose the behind-the-scenes action of these malware perpetrators during their presentation, "Botnet Live: Tracing, Chasing and Building the Case to Bust the Bad Guys," on Wednesday, February 7 at the RSA Conference in San Francisco.

2007's Biggest Risk: Employees Undermining Corporate Security
The danger of this new breed of malware is compounded by the increasingly risky behavior of today's employees, who frequently introduce consumer greynet applications onto the corporate network, most often without the sanction of their IT department. The user is squarely at the cornerstone of enterprise security concerns, according to FaceTime's Second Annual Greynets Survey (October, 2006). The survey revealed that:

  • Four in ten end users (39%) believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy.
  • Fifty-three percent of end users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
  • Eight in ten IT managers are at locations that have experienced greynet-related attacks within the last six months.
  • The number of greynet applications installed on a typical enterprise network has increased dramatically; work locations where eight or more greynet applications are in use have doubled, growing from 20 percent of all locations in 2005 to 41 percent in 2006.
  • Sixty percent of managers report that within the past six months, security attacks have been more likely to have invisible effects (like keyloggers) rather than outcomes apparent to the end user, such as a hijacked browser, making compromised PCs more difficult to detect.

"Despite myriad security technologies employed by enterprise IT managers to block malicious attacks, the user is often the biggest vulnerability, especially on the real-time, socially-networked Web," said Frank Cabri, vice president of marketing for FaceTime Communications. "In 2007, the biggest security risk for organizations is likely to be their own users, as employees install consumer-oriented greynet applications onto their workplace computer faster than the IT team can keep up with the corresponding controls."

"The IT decision is no longer just to 'block or allow' use, as these applications have become central to employee productivity in the office. New security measures need to provide visibility and control of these real-time collaborative applications in a way that meets the needs of employees and the IT staff," added Cabri.

Top Threats of 2006
FaceTime Security Labs researchers identified several financially motivated and potentially damaging threats during 2006, including:

  • March 15, 2006 - The "Carder" botnets collectively represented up to 150,000 compromised computers, which used a custom built PERL script to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. The operators could potentially launch these scans from any computer on the botnet to mask their actual location. Relevant files and information on a large number of "at risk" credit card accounts were provided to federal authorities by FaceTime researchers.
  • May 22, 2006 - Unsafe "Safety Browser" affected Yahoo! Messenger clients. The first, and extremely inventive, instance of a self-propagating worm, named yhoo32.explr, installing a web browser to hijack the Internet Explorer homepage, leading users to a site that put spyware on their PCs.
  • October 3, 2006 - The KMeth Worm (w32.KMeth) sent users to a Web site serving a barrage of Google AdSense advertisements related to mesothelioma, a rare cancer caused by exposure to asbestos. Because of its relation to toxic tort litigation, the cost-per-click for the keyword "mesothelioma" is one of the highest in the online advertising pay-per-click market, making it a prime target for financially-motivated malware writers.

About FaceTime Security Labs
Operating in three research centers around the world, FaceTime Security Labs (FSL) is the threat research and remediation division for FaceTime Communications. These experts identify and monitor risks posed by viruses, worms, spyware and malware propagating through applications such as IM, P2P, Chat and other real-time applications, and provide customers automatic updates and countermeasures to the latest malware threats.

About FaceTime Communications
FaceTime enables the safe and productive use of greynets like instant messaging, Skype, web conferencing and P2P file sharing. FaceTime Security Labs delivers the industry's first IMPact Index, which assesses "point-in-time" risks posed by viruses, worms and other malware propagating through greynet applications. Ranked number one in market share among instant messaging management vendors for the third consecutive year, FaceTime's award-winning solutions are used by more than 800 customers including nine of the ten largest U.S. banks. FaceTime supports or has strategic partnerships with all leading public and private IM network providers, including AOL, Google, Microsoft, Yahoo!, IBM, Bloomberg, and Jabber.

FaceTime is headquartered in Foster City, California. For more information visit http://www.facetime.com or call 888-349-FACE.

PR Contact:

Emily Chamberlin
650-762-2945
echamberlin@ar-edelman.com

© Copyright 2003-2008, FaceTime Communications, Inc. All rights reserved.   Privacy Policy