
SPIM Tactics & Prevention

SpIM, spam delivered via instant message (IM), is quickly becoming more devastating to the enterprise than email spam. Unlike email users, IM users expect their IM interactions to be with people who are part of their trusted "buddy" network. This trusted relationship means users are more inclined to click on infected links and fall victim to the consequences of spIM. And because IM is an instant form of communication, Trojans, viruses and worms can propagate much faster than they do via email. Further exacerbating the problem is the exponential adoption of IM in the workplace: the damage is no longer isolated to an individual's PC but can reach the entire network.

Tactics of the spimmer.
Spimmers take an approach similar to the email spammer's: they harvest IM addresses through the public IM networks in what are called "buddy harvesting attacks." Several unethical methods are used; a few examples follow:

  • Misinformation and the Seeds of Spyware. A growing spIM tactic sends a link via IM that looks credible. Once the user clicks on the link, a spyware application is downloaded and installed without the user's knowledge. That application can then spy on the user, and potentially "harvest" that user's buddy names.
  • Social Engineering Spreading Worms and Trojans. Similar to sending an infected link, a worm is a faux message sent via IM that will send an infected message to a list of "trusted buddies." These messages often take the form of an alert that appears to come from a trusted source, like "AOL Security Services has identified your IM User name as a target for a worm infection, please click this link to scan for the worm and clean up any damage it may have caused". When the user clicks the link that they think will fix their computer, it has the opposite effect and infects their computer with a buddy harvesting worm. This method is social engineering, because the user is the one who actually "triggers" the worm by clicking on the link. The worm can then start the cycle of replicating that message to all of the user's buddies, whose buddies can become infected in turn, and so on, until the worm has propagated around the world, anonymously harvesting a huge number of buddy names for spimmers and building a larger target database.
  • Blended Threats Causing the Peer-2-Peer (p2p) Effect. Spimmers don't always use IM as the initial channel to harvest IM buddy names. They have also tapped into the p2p networks. Kazaa, eDonkey, Morpheus, Grokster, Aimster and others have become hugely popular. The draw is "free" music, movies and porn. Spimmers give their spyware and worm applications a misleading "name", like "Britney Spears Wedding Photos." When the unsuspecting p2p user downloads the movie or file, a worm, Trojan or spyware is attached or embedded and the user becomes infected. Many of the Trojans and worms delivered via the p2p networks also copy themselves into the "shared" folder of any p2p application (Kazaa, Morpheus, etc.), so that users sharing files from the original user also become infected.

These methods are just the beginning of the creativity we expect to arise from the spimming community. Remediation has been difficult, at best, because organizations are leaving the burden of protection on the user. This approach simply won't work as a stand-alone measure, and it is one of the main reasons spam went from a nuisance to a widespread epidemic. The first line of defense should not be the desktop. Remediation must be at the network level.

The Solution.
FaceTime Enterprise Edition with its multi-layered anti-spIM architectural approach is the only product that effectively thwarts all forms of spIM. It includes:

  • Patent-pending Challenge-Response Mechanism: Social BOT (automatic "robot" messages that simulate human messages) blocking. Only FaceTime blocks this common form of spIM by confirming a human is on the sending end.
  • White List/Black List Capability: Automatically updated black lists to block known spimmers as well as the option to leverage white lists that only allow the receipt of messages from known senders.
  • Real-Time Content Filtering: Sophisticated content filtering that can be set to intercept messages that contain adult material, known spimmer phrases, URL links and other content.
  • Proxy Architecture: Delivering consistent anti-spIM blocking across all PIM and EIM networks.
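
A sketch of the layered decision the list above describes (black list, content filter, white list, challenge for unknown senders), added here as an illustration and not FaceTime's implementation. The `Policy` fields, the action names and the sample messages are assumptions constructed for the example; links are checked before the white list because a worm sends from an infected buddy's own account.

```python
import re
from dataclasses import dataclass, field

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

@dataclass
class Policy:
    allow: set = field(default_factory=set)     # white list: known senders
    block: set = field(default_factory=set)     # black list: known spimmers
    verified: set = field(default_factory=set)  # senders that passed a challenge
    phrases: tuple = ()                         # known spimmer phrases, lower case

def decide(policy, sender, text):
    """Return (action, reason) for one inbound IM, checked layer by layer."""
    sender = sender.lower()
    if sender in policy.block:
        return ("block", "sender on black list")
    lowered = text.lower()
    for phrase in policy.phrases:
        if phrase in lowered:
            return ("block", "spimmer phrase: " + phrase)
    known = sender in policy.allow or sender in policy.verified
    if URL_RE.search(text):
        # Links are not exempted by the white list: a worm sends from an
        # infected buddy's own account, so the sender name proves nothing.
        if known:
            return ("quarantine", "link from known sender held for review")
        return ("block", "link from unknown sender")
    if not known:
        return ("challenge", "unknown sender must prove a human is typing")
    return ("deliver", "known sender, clean content")

# Constructed sample policy and traffic (not real accounts or hosts).
POLICY = Policy(allow={"alice"}, block={"spimbot99"},
                phrases=("has identified your im user name",))
SAMPLE = [
    ("spimbot99", "hello friend"),
    ("alice", "AOL Security Services has identified your IM User name as a target"),
    ("alice", "look at these photos www.example.invalid/pics"),
    ("newperson", "free scan at http://example.invalid/scan"),
    ("newperson", "hi, is this the help desk?"),
    ("alice", "lunch at noon?"),
]

def run_sample():
    return [decide(POLICY, s, t)[0] for s, t in SAMPLE]

if __name__ == "__main__":
    for (s, t), action in zip(SAMPLE, run_sample()):
        print(f"{action:10} {s}: {t}")
```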
 
© Copyright 2003-2008, FaceTime Communications, Inc. All rights reserved.   Privacy Policy