|
|
|
 mess@ge home
Table of
contents
|
Instant spamming The spim wave is growing
If you think spam is the ultimate nuisance, try spim. Instant messages containing unsolicited commercial content are on the rise. This year their number is expected to triple, and the spim wave has just begun. You are working at your computer, when suddenly a grey box with a text message pops up on your screen. Instead of some lines from one of your buddies, an unknown person invites you to click on the ensuing link and learn more about the extension of certain parts of your body. If you have received something like this, you are also a member in the fast-growing club of spim victims. Rapid growth of spim Instant spamming has been around for a long time. The term ‘spim’ was already mentioned in the Chicago Tribune on 5 August 1999. What is new, though, is the rapid growth. In 2003, spim amounted to 400 million messages, according to marketing-research firm Radicati Group. This year, Radicati expects the number to triple to 1.2 billion. Compared to spam, this number is still relatively low – the projected number of spam e-mail messages for 2004 is 34.8 billion. This is mainly due to the fact that Instant Messaging (IM) has not yet achieved the number of users, especially business users, as e-mail. However, the number of business IM users is expected to grow rapidly – from 10 million in 2002 to 182 million in 2007, according to Ferris research. Now that Instant Messaging has reached a critical mass, it is becoming ever more interesting for spammers. “The reason spim has taken off is very simple – the money and the marketers go where people are,” says Robert Mahowald, an analyst at the IT advisory firm IDC in Massachusetts. “IM is just another channel, but now people are starting to use it more often.” Another reason is the lower barrier Instant Messaging currently poses. While legal and technical measures against spam are being increased, spim still offers a promising area for dubious marketers. There is not much legal protection yeta gainst spimming, and most users are not aware of security issues related to Instant Messaging. Recent spim attacks revealed the vulnerability of IM communication. In February, an adware worm called “Osama Found”, circulated among users of America Online Instant Messenger (AIM), causing more aggravation than actual damage. The worm pops up a URL link in an incoming message during an AIM session and appears to come from someone on the user's buddy list. Users who click on the URL link are sent to a web page where they are asked to download a programme for an IM game application. Once a user installs the programme, it acts like a worm and sends the link to everyone on the user's buddy list. The spread is even faster than in e-mail worms, because IM is real-time, and people react much faster.
Differences between IM and e-mail Experts have different opinions on how serious a threat spim is. Most of them regard predictions of a spim explosion as exaggerated. “I wouldn't characterise spim as a huge problem,” said Paul Ritter, programme manager at The Yankee Group. Spam expert John Levine agrees: “Spim is not as horrible a problem as e-mail spam.” Their judgement is based on two main differences between e-mail and Instant Messaging. Firstly, IM communication takes place in a better controllable environment. Instant messages are routed through just one server at Yahoo, MSN, or AOL – unlike e-mails, which are routed via several servers on their way to the recipient. As the IM services are not interoperable, each provider has high control over IM traffic. The second major difference between Instant Messaging and e-mail is on the user side. Most users filter instant messages through buddies list. E-mail users may apply spam filters, but most of them do not use white lists of permitted senders. Thus, the structure of IM communication tends to limit the growth of spim. However, spimmers have been quite inventive to overcome the structural barriers. Spimmers deploy bots in chatrooms that pose as real persons and persuade other chatters to invite them to their buddy lists. In a crowded chatroom, a rudimentary impersonation is sufficient to lure chatters into adding bots to their buddies list. In general, most spim is sent by bots that simulate IM users. Francis deSouza, CEO of IMlogic, estimates that about 5% to 17% of IM messaging today is spim, compared to a 52% share of e-mail spam in 2004. According to the Radicati report, 70% of spim messages point to pornographic websites, around 12% involve “get rich” schemes; product sales account for 9 percent; and loans or finance messages are at 5 percent. Spim is more obtrusive The reason why some experts see spim as a real threat is not so much because of the mere numbers, but more because of spim’s special character. Spim is more obtrusive than spam, because messages pop up automatically on a PC or a mobile phone when a user is logged in, making them harder to ignore. “IM spam is much more of an interruption than regular email spam,” said John Levine. “Unlike email spam, the timing is controlled by the sender and not the recipient.” IM spam can also cause security problems by enticing users into clicking on promising hyperlinks. These links can provide a doorway for viruses to enter a corporate network. Spim could cause network congestion, hurting application performance. Please send us your comments on this article. |
||||||||||||
