Reuters Puts IM Back Online
The company pulled the plug on the network Thursday morning to prevent a variant of the Kelvir worm from spreading and infecting customers.
The network was taken down just after 9:00 a.m. Greenwich Mean Time Thursday while the company, and Microsoft its partner in the service, worked on a patch. Service was restored at about 7:00 a.m. local time Friday, an IT executive with the London-based company told CRN.
This executive said while the Reuters IM serves more than 60,000 users, only a small percentage were actually affected by the variant of the Kelvir worm. He could not specify a number.
Basically, the worm propagates itself by sending out what appears to be a legitimate IM from a personal contact to another IM user. The message contains a URL link to an infected Web site. However, the Reuters executive said to be infected the user would have to not only click on the link, enter the site, but also download an executable file. Web savvy users who would normally not do so, might be fooled because the message appeared to come from a colleague or friend.
"If you have anti-virus software, if you have a firewall, which Reuters does, and a compliance product, you won't be able to download this malicious worm," he said.
The worm could affect users of the older 3.1 release of the Reuters IM, but not the most recent 4.0 release, he said. Less than half of Reuters users are on the latest product.
In all, he estimated that "a handful" of customers were impacted but Reuters took down the service to prevent further damage,
"About 100 users called in, we communicated out and said we're taking it down till we can patch it and assure their safety. This was the right thing to do," he said.
He also contradicted statements from some tech vendors that this was the first time an enterprise IM (EIM) system has been attacked and brought down. "It's happened before to others," he noted. He would not specify further.
EIM vendors can disable the ability to send URLs or hyperlinks via IM, but that is a feature that many users find helpful. In financial services, the market Reuters supports, traders and analysts often send links to research reports and other data, for example.
This widely reported on outage shows how critical instant messaging infrastructure has become to core businesses. The technology took hold with teenagers chatting with friends but spread like wildfire through corporations. Now the race is on—spurred by regulatory and compliance issues—to make sure the messaging is safe and sound, that messages are archived and managed for future reference. And that users are safe from attack.
A whole cottage industry--companies like Akonix, Facetime Communications, and IMLogic--has grown to fulfill such needs.
Two weeks ago, for example, Akonix, predicted that virus and malware attacks on IM will triple for the third year in a row this year, and a major attack will hit corporate networks worldwide. It also predicted that the number of spim (or spam-over-IM) messages will more than double in 2005.
These numbers are self-serving for these companies, but not necessarily to be discounted, observers said.