Viruses…in an Instant

January 10, 2006

Each day, thousands of employees are being put in a compromising situation by their employers. Names have been changed to conceal the identities of these poor victims of circumstance.

James turned to his colleague, Tara. He glanced around the room nervously and then said quietly: “I’m going to use Instant Messaging, ok?” as if seeking her approval. Tara nodded, her gaze locked onto James’ screen as he began to type.

“I just can’t help it,” James whispered. “I know we’ve been told to curb it, but it’s harmless and effective. We must have ploughed millions into this company’s IT systems, it must be safe now!?”

Tara, herself a user, albeit occasional compared to many of her colleagues, nodded again. The sign above her desk made her feel uneasy. It read: “Instant Messaging is a conduit for new viruses and worms that can attack business applications and render IT systems useless. Please do not use without company approval.”

Inside she wrestled with her conscience. Instant Messaging made her life easier; indeed, it made doing business for her company easier. But how could she live with the consequences if a virus or worm were to infiltrate the business? Could it be traced to her and what would happen if her bosses found out?

Secure Instant Messaging

Instant Messaging is a security nightmare for most organisations. Firstly, employees are communicating with colleagues and customers, with no record of transactions, and potentially compromising corporate information.

Secondly, Instant Messaging is a conduit for new viruses and worms that can attack business applications and render IT systems useless.

It is clear that companies are worried about virus attacks, the impact of users sharing corporate information and the lack of logging of conversations that may contain commercially impacting decisions.

In the past, viruses spread at a much slower rate, but now Instant Messaging has ushered in the age of instant virus sharing.

An example of high-speed spread is the Kelvir virus, released in March 2005, and new viruses are created at an ever-increasing rate.

There are now more than 50 worms and viruses that can be shared using IM, and this number is growing. Some use buddy and friend lists to forward the virus, masquerading as messages from your own account. And it can only get worse with the potential for Trojans that copy personal IM information such as buddy lists, passwords and log files. These Trojans could go on to copy information such as IP addresses and system information using IM as an access method, and then either remotely control that PC or use the platform to spread faster.

How can we stop this?

Many organisations now ban IM internally to avoid these risks; however, this has the flipside of preventing users from benefiting from the productivity improvements generated by Instant Messaging.

Wherever someone is browsing the internet, that machine can also run Instant Messaging. This is because IM uses popular communication ports to access networks, such as TCP port 80 which is also used by browsers.

Traditional firewall products allow administrators to control traffic by port, so the only way to stop all IM would also stop all web activity. So the best way to control IM viruses and to control IM is to check every packet.

Deep Packet Inspection

By taking a look inside each packet of data at the point of entry to a corporation (a network boundary), we can determine if the packet is an IM packet or not, and discard unwanted messages.
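The contrast between a port rule and payload inspection, as an added example that is not from the original article or from any vendor product. The function names are hypothetical, the payloads are constructed, and the signatures are simplified openings of three publicly documented IM protocols (MSNP, YMSG, OSCAR) that the article itself does not name.

```python
import struct

# Constructed first bytes of client-to-server TCP streams, all sent to port 80.
SAMPLES = {
    "browser_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "msnp_native": b"VER 1 MSNP12 MSNP11 CVR0\r\n",
    "msn_http_tunnel": (b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\n"
                        b"Content-Type: application/x-msn-messenger\r\n\r\n"),
    "ymsg_native": b"YMSG" + struct.pack(">HHHHII", 15, 0, 0, 0x57, 0, 0),
    "oscar_flap": b"\x2a\x01" + struct.pack(">HH", 1, 4) + b"\x00\x00\x00\x01",
}

def port_rule(dst_port, blocked_ports=frozenset({1863, 5050, 5190})):
    """Traditional firewall decision: only the destination port is examined."""
    return "drop" if dst_port in blocked_ports else "allow"

def classify(payload):
    """Label a payload 'im:<protocol>', 'http' or 'unknown' from its content."""
    if payload.startswith(b"YMSG"):                  # YMSG header magic
        return "im:ymsg"
    # OSCAR FLAP frame: 0x2A marker followed by a channel number 1..5.
    if len(payload) >= 6 and payload[0] == 0x2A and 1 <= payload[1] <= 5:
        return "im:oscar"
    first_line, _, rest = payload.partition(b"\r\n")
    words = first_line.split()
    # MSNP is line based: a command, then a numeric transaction id.
    if len(words) >= 3 and words[0] in (b"VER", b"CVR", b"USR") and words[1].isdigit():
        return "im:msnp"
    if words and words[-1].startswith(b"HTTP/1."):   # HTTP request line
        # IM tunnelled inside HTTP still declares its own content type.
        if b"application/x-msn-messenger" in rest.lower():
            return "im:msn-over-http"
        return "http"
    return "unknown"

def dpi_rule(dst_port, payload):
    """Inspection-based decision: drop IM wherever it appears, allow the rest."""
    return "drop" if classify(payload).startswith("im:") else "allow"

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:16} port rule: {port_rule(80):5} "
              f"dpi: {dpi_rule(80, payload):5} ({classify(payload)})")
```

Every sample passes the port rule because it arrives on TCP 80; only the payload check separates the browser request from the four IM streams.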

However, if this is performed in software, the network delay could be significant – enough to stop delay-sensitive IP Telephony traffic – so a high-speed data product such as the Nortel Application Switch is needed to provide high-speed deep packet inspection to protect these networks. The Intelligent Traffic Management feature on the Application Switch allows IM traffic to be identified, classified, controlled (e.g. rate limited or downgraded to a lower priority), measured and tracked so that hard-pressed Network Managers can re-establish control of the network.

To create a high performance system that can handle multimedia and IP Telephony as well as protect against malware, Nortel has developed and delivered wire speed, hardware based solutions and is already working on the next generation of high speed security products in partnership with Symantec.


Instant Messaging can indeed be an effective business tool, like many other applications; however, organisations need to protect against malware and be able to rapidly determine the difference between new information and new threats. By taking a layered approach to security and using the power and intelligence of deep packet inspection, organisations can ensure that the network is ready to cope with anything that’s thrown at it. In an Instant.
