Feeds

Is spim worse than spam?

No.. but shonky IM throws up new set of issues

  • alert
  • submit to reddit

The essential guide to IT transformation

Spim - Instant Message spam - is more than just a nuisance: It's a security risk. The recent "Osama Found" adware campaign and Bizex worm attack show how easily IM technology can be manipulated to fool users into opening malicious code.

Osama Found was particularly sneaky. It took advantage of IM buddy lists to propagate its message. Users clicked on the link they received, believing the messages were sent by trusted contacts.

The Bizex worm delivered instant messages directing recipients to a website that stole financial information gleaned from their computers.

Neither was anywhere near as serious as worms such as Blaster or viruses like MyDoom which travelled by more conventional means. However, spim creates its own set of problems.

Spim immediately interrupts user activity each time it appears on the desktop, making it more disruptive at lower volumes than spam, IM security outfit FaceTime Communications warned this week.

According to messaging analyst firm The Radicati Group, 400 million spim messages were sent last year. Radicati reckons this figure will triple to 1.5bn spim messages by the end of 2004.

The risks posed by poorly-secured instant message communication have spurred a new sub-category of security software. FaceTime's IM Director is designed to control spim through a combination of sophisticated content filtering and a patent-pending challenge-response mechanism. Both features work to intercept spim before it reaches a corporate desktop.

Some vendors such as Blue Coat Systems have taken an appliance approach to controlling IM traffic, while others are marketing secure IM packages. ®

Related stories

Look out spam, here comes spim
UK firms must monitor staff IMs
Phishing attacks on the rise
UK.biz largely indifferent to spam tsunami
Spam is 10

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?