Spim: The New Spam

Spam being rapidly outpaced by 'spim'


14:56 26 March 04

NewScientist.com news service

While the torrent of unsolicited spam emails continues to rise, it is being far outpaced by the surge in unwanted messages sent to the users of instant messaging programs, analysts have warned.

The volume of so-called "spim" is set triple in 2004, according to a new report from the Radicati Group, a technology market research firm in Palo Alto, California.

The company projects that 1.2 billion spims will be sent, 70 per cent of which are porn-related. This is a mere trickle compared to the 35 billion spams expected, but the researchers warn that spim is growing at about three times the rate of spam, as spammers adapt their toolkit to exploit a rapidly rising number of new instant messaging (IM) users.

"The reason spim has taken off is very simple - the money and the marketers go where people are," says Robert Mahowald, an analyst at the IT advisory firm IDC in Massachusetts. "IM is just another channel, but now people are starting to use it more often."


More intrusive

IM software allows users to swap text messages and files in real time from a computer or cell phone, with Microsoft, Yahoo or AOL programs being the most popular.

Spim is more insidious than spam because messages pop up automatically when a user is logged in, making them harder to ignore. "It feels more intrusive," says Jason Catlett of anti-spam company Junkbusters in New Jersey.

Spimmers share some tactics with spammers. For example, they create software bots that scour internet chat rooms and web sites for IM usernames, or systematically guess them using random name generators. As with spam, the bots bombard these addresses with unsolicited messages sent in high volumes from throwaway accounts.

However, users of IM programs commonly use a "buddy list" of invited friends to limit who can send messages to them. The buddy lists can be switched off, but their widespread use makes it more difficult for spimmers to message a stranger's computer. In contrast, most users of email do not use "white lists" to filter incoming email.


Buried code

Faced with these challenges, spimmers have developed new tools. Some resemble common virus writing techniques, such as devising a malicious piece of code that exploits vulnerabilities in IM programs.

Spimmers bury the code in a link or file and send it to an IM user. If the user activates the code, the spimmer can then message people on the user's buddy list by borrowing their identity.

Although spimmers must initially find users whose "buddy list" setting is switched off, getting that user to then click on a link or download a file is often easier than it is via email.

"In email, if you see a message called something like "enhanced body part" you will ignore it. But if an instant message just pops up while you are talking to a friend, you might just click on it," says Genelle Hung, a Radicati analyst.

Another spimming tool is even more stealthy. Spimmers deploy bots in chatrooms that pose as people and persuade other chatters to invite them on to their buddy lists. In a crowded chatroom, an invitation can be solicited with a fairly rudimentary impersonation, says Stowe Boyd of the technology consulting firm A Working Model in Virginia.

Although it is on the rise, analysts do not predict that spim will ever be sent in bulk on the scale of spam. This is mainly because IM messages only travel over one company's servers, making it much easier to monitor and block suspicious activity. Emails, on the other hand, are routed through multiple service providers before arriving at their destination.

Celeste Biever