Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Spam's Next Target: IM

As improved filtering technology blocks more and more email spam, some hackers are turning to instant messaging as another way to send their nasty correspondence. Corporate networks can be vulnerable to an attack through an instant messaging system because employees typically use IM clients from AOL, Google or Yahoo that have few if any security measures to protect against spam or malware.

IM spam "potentially could be even worse" than email spam, says Michael Osterman, president of Osterman Research Inc.

Part of the problem is that email spam can be easy to spot based on a suspicious subject line or unknown sender, but that's not the case when it comes to instant messages, which must come from someone authorized to be on a recipient's "buddy list."

Spammers exploit that trustworthiness by luring victims to a Web site, installing a piece of software, or malware, onto a user's machine, infecting their IM client and then sending an IM message to all of the members of the victim's "buddy list."

"The likelihood of spreading the infection is much higher with IM than it is with email," Osterman says. "You're more likely to click on the link and potentially get infected than you would with email."

Despite that, the number of victims is still tiny. "It is a relatively small problem today. It's nothing compared to email spam," Osterman says. "But the potential is there for some problems with IM."

  • 1