Code attacks over instant messaging are up almost 80 percent over last year, according to Akonix, which sells IM security products.
The company said that in July it uncovered 20 types of IM attacks. The total number of threats for 2007 so far is 226, the company said. That is a 78-percent increase over the last year.
The company also said attacks on peer-to-peer networks, such as Kazaa and eDonkey, increased 357 percent in July 2007 over July 2006, with 32 attacks.
That report comes on the heels of a report by peer-to-peer network monitoring vendor Tiversa, which found contractors and US government employees are sharing hundreds of secret documents on peer-to-peer networks.
In many cases users were overriding default security settings on their peer-to-peer software to do so, according to Tiversa. Robert Boback, Tiversa's CEO, and retired US Army General Wesley Clark, a Tiversa board member, last week testified before a US House of Representatives committee.
The IM attacks were tracked by the Akonix IM Security Center, a collaborative effort between Akonix, its customers and other security and messaging vendors.
The code used in the attacks was either brand new code or a variant of earlier code detected by the IM Security Center.
The new worms included Exploit-YIMCAM, Hupigon-SJ, InsideChatSpy, SpyPal, StealthChatMon, Svich and YahooSpyMon.
Akonix officials also said the attacks are moving beyond the nuisance stage and getting more malicious.
"Beginning at the end of last year we started seeing multi-stage attacks where IM will deliver a URL and when a person clicks on it they get code loaded that will pull down other code," said Don Montgomery, vice president of marketing at Akonix.
Montgomery said the IM Security Center is also seeing two-stage attacks, where the second stage is the downloading of a Trojan that waits for users to log into specific banking sites to activate a key-logging program.
In addition, there are multi-vector attacks where a malicious URL may be delivered by IM but propagated using email or come in via email and go out over IM. And attacks, focused on consumer services AOL, MSN and Yahoo, are beginning to span networks.