So far this year security vendor Akonix Systems has found 170 instant-messaging threats. This represents a 73 percent increase over the same period last year in instant-messaging threats.
The figures show a sharp rise in instant messaging-based attacks, according to Akonix, with 20 threats detected in May alone, and an average so far this year of more than one new threat per day.
The instant-messaging attacks rely on social engineering to spread malicious code, typically sending a link that appears to come from an IM contact.
Because of the informal nature of IM, such tricks are more likely to succeed than they would in an email message, where users are more cautious, Akonix said.
The most common new threat was Culler, followed by MSNDiablo and Hakaglan, with one variant each, Akonix said. Akonix also counted 11 threats in May circulating on P2P networks.
Akonix said attackers are increasingly targeting instant messaging as a way to get around the email-based security systems now installed in around 75 percent of companies. Akonix estimates that only 15 to 20 percent of companies have IM security in place.
Industry analysts have repeatedly warned of the dangers of allowing IM into the workplace, but corporate IM systems nevertheless have been slow to gain popularity.
Another growing trend is the use of non-English text in the attacks. For instance, Culler, the most widespread new attack in May, uses a Spanish-language string promising an animation of President Bush: "mira esta animacion de bush :P".
The downloaded file, bush.exe, makes some effort to appear to be a Flash animation, according to Akonix.