Have you ever received an instant message that prompts you to click on a mysterious link? Or been asked to share your IM account information, only to have it used to spam all of your friends?
Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging (IM) services. SPIM is more than just an annoyance. It’s a serious threat to online privacy and security. SPIM campaigns that employ phishing tactics to get your account information can put all the personal information associated with your account at risk.
Today, Microsoft filed a civil lawsuit against several people and businesses alleged to have undermined the security and privacy of Windows Live customers. The case alleges that the defendants engaged in instant messaging spam and phishing on Windows Live Messenger.
Funmobile Ltd., a Hong Kong-based company owned by brothers Christian and Henrick Heilesen, has spimmed thousands of Windows Live Messenger customers since March 2009. Customers who clicked on the link in the bogus instant messages sent by Funmobile were then “phished” (that is, asked for their IM username and password to log in), according to the complaint. Those who provided the log-in information were often redirected to an adult Web site or, in some cases, a site that claimed to be a social networking community for Windows Live Messenger users.
Meanwhile, Microsoft alleges, the defendants collected the wrongfully obtained usernames and passwords and used them to access Microsoft’s proprietary systems and our customers’ accounts. They then “scraped” or “harvested” the contacts within each user’s account, and sent unsolicited bulk IMs to each of his or her contacts.
Sources:
http://windowslivewire.spaces.live.com/Blog/cns!2F7EB29B42641D59!41246.entry
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2009/07/16/saying-no-to-spim.aspx
# 29 Jul 2009 Wednesday 20:10
Just had a thought… ‘The address should always start with “https://login.live.com”.’ This is not an effective way of stopping phishing! I could easily do that, buy an SSL & have a bunch of subdomains… You should say ‘The address should always start with “https://login.live.com/”.’ Note the forward slash! Hope that helps people!
# 30 Jul 2009 Thursday 12:15
Fabrizio,
You are 100% right! Sorry for my typo, of course any login address must start with “https://login.live.com/”, including the trailing slash after “.com”.
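
The difference between the two rules discussed in the comments above, as an added example that is not part of the original post or its comments: it runs both string-prefix rules and a check that parses the URL and compares scheme and host exactly. The sample URLs, the `/signin` path and the `phish.example` domain are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: the two string rules from the comments next to a parsed check.
// TRUSTED_HOST comes from the page; every sample URL below is constructed, and
// "phish.example" is a reserved placeholder domain, not a real indicator.
const TRUSTED_HOST = "login.live.com";

// Rule as first written: no trailing slash, so the host name can continue.
function prefixNoSlash(url) {
  return url.startsWith("https://" + TRUSTED_HOST);
}

// Rule as corrected in the comments: the trailing slash ends the host name.
function prefixWithSlash(url) {
  return url.startsWith("https://" + TRUSTED_HOST + "/");
}

// Parsed check: compare scheme and host exactly instead of matching text.
function isTrustedLogin(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return false; // not an absolute URL
  }
  return (
    u.protocol === "https:" &&
    u.hostname === TRUSTED_HOST && // the URL parser lowercases the host
    u.port === "" &&               // default port 443 is normalised to ""
    u.username === "" &&
    u.password === ""              // no userinfo component allowed
  );
}

const samples = [
  "https://login.live.com/signin",               // genuine host
  "https://login.live.com.phish.example/signin", // trusted name used as a subdomain label
  "http://login.live.com/signin",                // right host, no TLS
  "HTTPS://LOGIN.LIVE.COM/signin",               // genuine host, different letter case
];

// Apply all three rules to each URL and return the verdicts as rows.
function evaluate(urls) {
  return urls.map((url) => ({
    url,
    noSlash: prefixNoSlash(url),
    withSlash: prefixWithSlash(url),
    parsed: isTrustedLogin(url),
  }));
}

console.table(evaluate(samples));
```

The trailing-slash rule rejects the subdomain lookalike that the first rule accepts, while the parsed check also accepts equivalent spellings of the genuine address (upper case, explicit port 443) that a plain text match would reject.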