Interestingly, social networking tops the no-value category.

Secure Computing Corp noted a huge increase in image spam, while Message Labs add that recent virus outbreak (Warezov) has added to the botnet ring, exacerbating the problem. There isn’t a heck of a lot you can do about this, other than keep your virus-scanner dats up to date - even switching to Linux or OS X isn’t going to stop it (that is, unless everyone on the planet switched at once).

If that wasn’t enough, the holiday season is rolling around, so you get to add a barrage of unstoppable junk mail to your list of fancies.

The only bright light in the bunch, instant messaging. Yes, the threats remain, but are still relying on social engineering techniques. Meaning…

You can’t stop the spam, unless you shut down the network. You can’t stop the junk mail, unless you shut down the postal service. But you can stop the IM attacks - you just have to quit being stupid!

…although I suspect even that will be tough for many

….or something like that, which I can then put my foot in my mouth over when it doesn’t actually happen. By the numbers, instant messaging attacks have barely gotten started.

I have heard this new acronym “SPIM” used in a variety of contexts. First it is spam over instant messaging, then it morphs into spam over cell phones, and now it is the combination of the two. I don’t know if we will ever learn what exactly “SPIM” is, but you can be certain of two things…

First, it isn’t transported via the email infrastructure, has something to do with instant messaging, can in fact hit a cell phone (by SMS, IM, or both), and…

If my cell carrier starts using the challenge/response system mentioned in this article, I am going to give birth to a giraffe.

Everyone using mobile messaging has to pay for those messages, many in both directions. You can be fairly certain that the greedy, customer unfriendly, clueless mobile phone service providers are going to try charging for all those C/R messages. Who the hell is going to pay TWICE for every “I’ll be there in..” and smiley face someone tries to send them. I wouldn’t put up with it, even if it was free. Meanwhile, the whitelist and black list features of the FaceTime system I think we can all live with.

Phishing attempts have be lingering around the instant messaging environment for some time. The latest report is from Yahoo, and the exploit is purported to look as though it is coming from a buddy list contact. Upon clicking, the user is redirected to a fake Yahoo page, where Yahoo user information is requested.

You can catch the whole report, including some history of similar reports from other IM carriers, here: Phishing Dips into Yahoo IM.

On a related note, Aconix has some additional insight into the phishing over IM issue. Aconix develops enterprise security products which are designed to protect against such exploits in corporate IM networks. Read more at Akonix Security Center Warns of New Threat for IM Users in Corporate Environments.

A major breakthrough has been made in the war on spam, one that might put the problem to rest for good. Politicians from the US and UK have agreed to cross the pond every year for a spam summit. According Derek Wyatt, head of the All Parliamentary Internet Group, “That will really help to beat things like spam and spim [spam over instant messaging].”

Rumour has it the first forum will address the following major issues:

- Statuatory requirements to set auto-emptying of Outlook junk mail folders upon exit, and
- Allocating substantial funds (in the billions) to develop public awareness campaigns on how to restrict IMs only to those people on a personal buddy list

Great stuff!

You can read the whole, exciting report here: Politicans form transatlantic spam alliance - ZDNet UK News.

People across the technology landscape have been correct in the assumption that if people never purchaed products from spammers, there would be no economic incentive to spam. It is a solic theory, and I agree.

In what might be good news for the burgeoning mobile spam phenom (if it indeed exists), it seems the potentially hardest core users of mobile services are rejecting spammers advances.

It seems college students, arguably the most voracious consumers of SMS and other mobile services, seem to dislike being spammed. According to the survey, done at Ball State University, approximately 25% reported receiving mobile spam, while 9 in 10 said that it pissed them off. Almost 70% of those surveyed said that being spammed would make them LESS likely to purchase the spammers’ target products.

While the sample size for the survey was small (roughly 1,200), the target represented a roughly 70% active text messaging user base, and 14% for instant messaging services.

Unfortunately, roughly 1% of those surveyed as receiving spam on their mobiles reported responding to it - all a spammer needs to make a living (in fact, more than they need).

For more information, read this article from MediaPost Publications.

We are seeing a lot of hype over the issue of instant messaging spam nowadays. Part of this hype could be an actual problem, and part of it could be guilt by association. With all the talk about the Secret Service and Paris Hilton getting hacked via T-Mobile, I wonder if this isn’t already a little overdone - people seem to associate the instant message with mobility, and more and more phones are coming to market with chatting features. Don’t shoot me for reaching.

BetaNews thinks it is less of an issue than is being described, and points out a lot of the security features that service providers have to put a clamp on the “problem” (see BetaNews | The Hype Over Spim).

What’s worse is the potential for association with politics and laws such as CAN-SPAM.

The Register put together a good piece on the notion in Can CAN-SPAM can spim? | The Register. They point out the deficiencies in CAN-SPAM for dealing with the SPIM issue, but hold true to the notion that prosecutors will reach until someone bursts their ego-driven bubbles. The Register also notes that the best course of action would be to draft a new law sculptured around IM.

I agree, and that may happen, someday. Lets just hope and pray the politicos take their heads out of their butts long enough to ask someone with the slightest technical expertise for a little advice, before they enable SPIMing too.