Five years since the first 'spIMming' arrest and charge, claims are made that this method of attack could become more prevalent in 2010

Opinion by Dan Raywood

This week saw the fifth anniversary of the first arrest of a spammer through instant messaging.

This week saw the fifth anniversary of the first arrest of a spammer through instant messaging.

The act, apparently called ‘spIMming', sits alongside such alternatives as ‘SMiShing' and ‘Vishing' as forms of targeted spam, and could still have an impact on businesses. As the use of email is arguably being phased out by Generation Y in favour of instant messaging (IM), it could be the case that 'spIMming' becomes the next significant method.

Commenting, Symantec Hosted Services said that while IM use is expected to increase considerably over the next year, few users are conscious of the dangers IM presents not only to a single machine but potentially to an entire network.

Simon Heron, internet security analyst at Network Box, previously said that employees need to be educated for instant messenger use as they did for spam email. He commented last summer: “Broadly, the messages for employees are: only use the service approved by your IT department, don't trust anyone you don't know, don't click on shared links, keep your personal details to yourself, log out when you've finished, and keep your IM service and anti-virus systems up to date.”

So regardless of the technology, the arrest and subsequent charge of New York teenager Anthony Greco of sending more than 1.5 million pieces of 'spIM' advertising pornography and mortgages showed that the threat and practise was recognised.

Since then, there has been little activity, and in my time at SC there have been no memorable reports of 'spIMming'. Was this because the main sender and activist was caught five years ago, and others have not caught on or been deterred? Or is it simply that Greco was a spam revolutionary, and bought into a trend that was in its infancy in 2005?

Paul Wood, senior research analyst at Symantec Hosted Services (formerly MessageLabs), predicted that by the end of 2010 one in 300 IM messages will contain a URL, and that one in 12 hyperlinks will be linked to a domain known to be used for hosting malware.

He said: “Problems arise from the fact that IM has been very difficult to regulate and control so many organisations, particularly those in regulated sectors, have simply chosen to block its use, even though it's clearly a useful tool that is becoming more widely used.

“Organisations that simply ban IM risk frustrating employees and damaging the business by hindering productivity. To effectively combat the threats posed by 'spIM', businesses need to adopt a policy-based security service in the cloud which carefully monitors all potential threats before they hit an individual user's machine – wherever this channel may be.”

Wood acknowledged that Greco's successful formula was in being able to bypass CAPTCHA technologies to establish a number of accounts on a major well-known social networking site to send out the 'spIM' messages.

It could be argued that he was ahead of the time, but if Star Wars taught us one thing, it was Yoda saying ‘always two there are, a master and an apprentice'. You can bet that there is a 'spIMmer' waiting to pick up the lightsabre in 2010.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events