Messaging spam

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Messaging spam, sometimes called SPIM,[1][2][3] is a type of spam targeting users of instant messaging (IM) services.

Instant messaging applications[edit]

Instant messaging systems, such as Yahoo! Messenger, AIM, Windows Live Messenger, Tencent QQ, ICQ, XMPP and Myspace chat rooms, are all targets for spammers. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages, which could include commercial scam-ware, viruses, and links to paid links for the purpose of click fraud. Microsoft has announced that the upcoming Windows Live Messenger 9.0 would support specialized features to combat messaging spam.[4] In most systems users can already block the vast majority of spam through the use of a whitelist.

Countermeasures[edit]

  • Many users choose to receive IMs only from people already on their contact list.
  • In corporate settings, spam over IM is blocked by IM spam blockers like those from FaceTime, ScanSafe, and Symantec.

Messenger Service spam on Windows NT-based systems[edit]

Example of Messenger Service spam from 2007.

In 2002, a number of spammers began abusing the Windows Messenger service, a function of Windows designed to allow administrators to send alerts to users' workstations (not to be confused with Windows Messenger or Windows Live Messenger, a free instant messaging application) in Microsoft's Windows NT-based operating systems. Messenger Service spam appears as normal dialog boxes containing the spammer's message. These messages are easily blocked by firewalls configured to block packets to the NetBIOS ports 135-139 and 445 as well as unsolicited UDP packets to ports above 1024.[5] Additionally, Windows XP Service Pack 2 disables the Messenger Service by default.

Messenger Service spammers frequently send messages to vulnerable Windows machines with a URL. The message promises the user to eradicate spam messages sent via the Messenger Service. The URL leads to a web site where, for a fee, users are told how to disable the Messenger service. Though the Messenger is easily disabled for free by the user, this works because it creates a perceived need and then offers an immediate solution.[citation needed]

References[edit]

  1. ^ "CNET: Spim, splog on the rise". News.com. Retrieved 2013-07-07. 
  2. ^ "Spam being rapidly outpaced by spim". New Scientist. 2004-03-26. Retrieved 2013-07-07. 
  3. ^ Spamfo: SPIM, your new spam[dead link]
  4. ^ Jeremy Kirk. "Microsoft to clamp down on spam over IM". IDG News. Retrieved 2007-11-24. 
  5. ^ "Messenger Service window that contains an Internet advertisement appears". Microsoft. Retrieved 2007-12-01.