IMPact Report for First Quarter 2006 (January-March)
Summary Analysis of IM, Chat and P2P Threats in Q1 2006
Real-time communications - instant messaging, chat programs such as
IRC and web conferencing, and peer-to-peer networking tools like Skype and
other VoIP applications - are in regular use in organizations today. IM is in
use by more than 80% of organizations, according to messaging industry analyst
Michael Osterman, and IDC estimates that enterprise IM will grow from 40
million users today to more than 140 million by 2009, making it the fastest
growing communications medium of all time.
This report summarizes the data accumulated by FaceTime
Communications for the first quarter of 2006 and compares that data with
similar information collected during the first quarter of 2005. Where data for
Q1 2006 clearly indicates a continuing trend from consecutive quarters in 2005,
this is also noted.
The data used in this analysis are derived from server log files maintained by
FaceTime Security Labs, the threat research and response arm of FaceTime; each
individual incident report represents a detection of a security issue impacting
one or more real-time communications channels on one day.
Key changes between Q1/05 and Q1/06
As the use of real-time communications continues to grow, so does the use of
these channels as malware vectors. Incidents of worms, viruses and other
security threats increased 723% in the first quarter of 2006 when compared with
the data for the first quarter of 2005.
Incidents of viruses and security threats have increased by
almost 723% in Q1 2006 compared to the first quarter of 2005.
There were 55 reported incidents in Q1 2005 while 453 were
reported in Q1 2006.
Perhaps some small measure of comfort can be derived from the fact that the
number of incidents is down from the record highs for the second and fourth
quarters of 2005. In fact, IM-based security incidents have stabilized somewhat
relative to the quarter ending December 2005, while P2P incidents continue to
grow. While the actual number of overall security incidents may be a little
lower than Q4 2005, the complexity of incidents and delivery methods has
increased markedly.
While the ratio of single-channel to multiple-channel incidents in Q1 of 2005
was 7 to 1, the ratio for the same period in 2006 was 1.7 to 1, making
multiple-channel incidents more than 20 times as common in 2006, and
representing more than one third (36%) of all incidents, up from 14%.
Viruses may propagate through one or more channels (e.g., via IM,
filesharing, one or more public networks, etc.).
Multi-channel propagation in Q1 2006 is 23 times as common
compared to the prior year.
This increase in multi-channel propagation makes sense when we look at the
increase in P2P network security breach incidents for the same periods; P2P
incidents were 14 times more common in the first quarter of 2006 over the first
quarter of 2005. In fact, the number of threats using P2P in the first quarter
of 2006, at 180, has already surpassed the total number of P2P attacks in all
of 2005, when 142 such attacks took place.
P2P attacks are almost 14 times as common in Q1
2006 compared with one year earlier.
In fact, threats using P2P have already surpassed the
total number of P2P attacks in all of 2005 (142 such attacks took place).
Major P2P threats encountered by FaceTime Security Labs during the first
quarter of 2006 included multiple variants of StartPage, MultiDropper, and
Backdoor as well as the more predictable continuing onslaught of W32 malware,
further underscoring the increase in complex, multi-channel threats.
Year-on-year trending indicators
Security incidents continue to propagate across multiple networks
simultaneously; multi-channel attacks - attacks that make use of more than one
greynet application or network to increase their infection rates - are growing
at 88% CAGR, a significant upward trend that's continued at a steady pace over
the past five quarters (7->75->90->127->163).
Greynet security incidents showed a 22% growth rate (CAGR) over the 15 months
from January 2005 to March 2006. While this rate of increase is not as steep as
in the previous equivalent period, it continues to parallel the growth of
real-time communications usage in business.
Incidents increased at a 22% growth rate
(CAGR) over the 15-month period from Jan 2005 to Mar 2006.
Attack Vectors and Distribution Channels
While IRC and chat clearly remain the malware community's high-vulnerability
channel of choice, their dominance appears to be waning. While chat was the
primary vector for 75% of all real-time communications attacks in 2005, that
figure is down to less than 60% in the first quarter of 2006.
At the same time, P2P and filesharing threats accounted for 1 in 3 of all
attacks in the first quarter of 2006 compared with less than 1 in 10 for the
whole of 2005. One possible explanation for the increase in P2P attacks
compared with public network attacks is that hackers are opportunistic. As more
and more corporations and users harden their networks against IM, hackers are
going after the softer points-of-entry - which generally means newer
technologies that are gaining in popularity.
IM-based attacks were only one third as prevalent in the first quarter of 2006
as they were during 2005. Of the three major public networks (AOL, MSN, and
Yahoo), AOL is now the most commonly targeted, displacing MSN from the 2005 top
spot.
The increasing commonality of P2P and filesharing threats is
shown by their increased dominance: these methods now account for one in three
of all attacks compared with one in ten in 2005.
While IRC/Chat-based attacks continue to dominate in Q1 2006,
their share of all attack vectors is dropping.
IM attacks are one-third as prevalent in Q1 2006 compared to
calendar year 2005.
As we've already noted, Win32-based attacks still account for the majority of
threats but their share is eroding in favor of Backdoors and Startpages. The
share of Backdoor and Startpage attacks stands at 29% in the first quarter of
2006 - up by a factor of six over 2005.

Win32-based attacks still account for the majority of threats,
but their share is eroding in favor of Backdoors and Startpages.
The share of Backdoor and Startpage attacks is 29% in Q1 2006 -
almost six times as prevalent as their incidence in 2005.
Key take-aways and predictions
FaceTime believes that both the frequency and complexity of greynet threats
will continue to increase, with particular emphasis on multi-channel attacks
leveraging P2P and IM networks. The growth of Skype and other VoIP
communications channels should be carefully monitored by IT departments and the
appropriate steps taken to both manage and secure their adoption by individual
users.
- Incidents of viruses and security threats have increased by 723% in the first
  quarter of 2006 compared to the first quarter of 2005. While this number is
  down from the record incident quarter in Q4 2005, there is no cause for
  complacency.
- Multi-channel propagation in the first quarter of 2006 is 23 times as common as
  in the prior year, constituting a growth rate of 88% (CAGR) when compared with
  the first quarter of 2005.
- P2P attacks in the first quarter of 2006 are almost 15 times as common as a
  year earlier - in fact, threats using P2P have already surpassed the
  total number of such attacks in the whole of 2005.
- While IRC/chat-based attacks continue to dominate, their share of all attack
  vectors is dropping in favor of increasingly common P2P attacks. These methods,
  which include filesharing networks, now account for one in three of all attacks
  compared with one in ten in 2005.
FaceTime Communications is the leading provider of security solutions for the
management and control of greynet applications such as adware/spyware, instant
messaging, webmail, peer-to-peer file sharing, web conferencing and VoIP.
FaceTime is ranked #1 by SC Magazine for IM Security, and has been rated #1 by
IDC for two consecutive years. FaceTime solutions are used by almost two
million people in over 700 organizations, among them eight of the ten largest
U.S. financial institutions. FaceTime supports all leading public and private
IM network providers, professional community networks, P2P networks including
Skype, and WebEx web conferencing.