Spammers Return to ‘Spim’ to Lure Victims

Pity the poor spammers — they’re being hit by the recession, too.

After years of ignoring instant messaging (IM), spammers are returning to IM en masse as yet another way to make money, security researchers say. The result is “spim” — spam over IM.

“The global economy is affecting everybody, including those who spim and spam,” Don DeBolt, director of threat research operations at CA’s (NASDAQ: CA) research laboratory, told

Security experts said that they’re finding spim levels again ticking upward — a return to a tactic that peaked years earlier. That’s because the senders of e-mail spam are looking to get money by any means necessary, Dermot Harnett, principal analyst at antivirus vendor Symantec, told For instance, the same group of spammers is behind both a spim deluge and e-mail spam campaign, which sends an advertisement for a weight-loss solution using the Acai berry.

“They’re all related,” Harnett said.

It’s also another move by spammers and malware authors to expand their arsenals with increasingly nefarious tools. In the same way that spammers are adopting social networking sites like Facebook, the “spimmers” send messages to potential victims purporting to come from close friends.

Spim last made a big splash back in 2004, when its levels got so high that a number of major stakeholders in instant messaging and Internet security teamed up to tackle the problem of IM spam.

The issue brought IM security firm IMlogic together with security players McAfee (NYSE: MFE) and Sybari, plus IM providers AOL, Microsoft and Yahoo (NASDAQ: YHOO). The companies set up a new initiative, the IMlogic Threat Center to help IM users protect themselves against malware threats.

Since then, Symantec (NASDAQ: SYMC) acquired IMlogic in 2006, the spim threat died down and major antivirus vendors now maintain their own watches over IM security.

Threat level rising

But with spim now on the upswing, there’s again a potential for real danger, experts warn.

CA research analyst Kenneth Yu said in a blog post that one set of spims pitching Acai diet pills has links that take users to a realistic-looking e-commerce site.

The site’s checkout page asks users for their credit card information, he added. However, sharp-eyed users will see that the “secure” checkout page is not delivered through a secure Web session using HTTPS , which to Yu indicates a phishing site.

Other common spims direct victims to sites that try to sell them “scareware” — fake antivirus or anti-spam programs that purport to find and fix problems on their computers, but which really don’t do anything, DeBolt said. In fact, scareware can even contain malware.

“There’s been a significant increase in the distribution of these rogue security products,” he said.

The problem of scareware has been plaguing the industry for some time. The issue prompted Microsoft (NASDAQ: MSFT) to target scareware distributors last year.

However, not all the spim is for phishing or malware; some is sent by people selling legitimate products from known brands.

“The global economy is putting pressure on businesses, their affiliates in terms of advertising middlemen, and individuals to take steps they would not otherwise take to get their product in front of the customer,” DeBolt said. “It’s the advertising middlemen who send out these spims with legitimate products, not the vendors themselves.”

As it as been for years, spim will continue to be a problem, so enterprises need to protect themselves by maintaining a closed system for IM communications, DeBolt said.

“IM traffic should not be allowed out of the corporate network,” he said.

News Around the Web