Instant Messaging Planet   Earthweb  
Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
   subjects:
Search EarthWeb Network

internet.commerce
Be a Commerce Partner

Instant Messaging Planet : Enterprise IM: Think Spam Is Tough? Try Fighting Spim


Think Spam Is Tough? Try Fighting Spim
June 8, 2004
By Drew Bird

It's hard to find any e-mail user that isn't tired of battling spam. The seemingly endless influx of junk e-mail has corporations and individuals alike looking for new and ever more-effective ways to block unwelcome spammers.

“In addition to putting the appropriate management and security solution in place we advise companies to educate users about the threat of spim as one of the elements of their IM usage policies.”

— Dmitry Shapiro, CTO and founder of Akonix
But while the war on spam moves along at a slow but steady pace, a potentially more disruptive form of direct marketing is gaining ground. That new threat is spam over instant messaging, or spim for short. So far the issue of spim has not been widely recognized as a problem, but as the recent outbreak of the 'Osama Found' AOL Instant Messenger worm revealed, spim is a threat that corporate IM users should be thinking about now, not in the future.

Who's Canning the Spim?
Spim is not a new issue. It has been around in one form or another for years. But recently, with lawmakers and ISPs closing in on shady direct e-mail outfits, spammers are looking for new ways to get their unwanted messages across. New legislation like the U.S. anti-spam laws passed in December 2003 target spammers and allow for stiff penalties such as fines and even jail time. Why risk such consequences when the CAN-SPAM Act covers only e-mail? Instant messaging isn't even mentioned in the legislation.

So if spim has been around for a while, why is it only now starting to get serious consideration? The main reason is that its growth is accelerating at an alarming rate, as Francis deSouza, CEO of IM management software vendor IMlogic explains. "We started noticing spim a couple of years ago while reviewing compliance requirements for a customer. At that time the amount of spim was less than a couple of percent. Today it is still below 10 percent of all IM traffic, but even that represents a significant issue for companies with large numbers of IM users."

DeSouza's findings are borne out by recent research of the spim issue by The Radicati Group, which estimated that spim will account for around 5 percent of all public IM traffic by the end of 2004. In terms of the actual number of spim messages, that equates to more than 2 million messages this year alone.

As startling as these numbers seem, they still pale into comparison when set against the numbers associated with spam e-mail, yet many industry analysts are as concerned about spim as they are about spam. Spam, although very annoying and costly in terms of e-mail storage, bandwidth usage and potential threats, is a passive medium. Widely deployed spam filters prevent the majority of spam messages from getting through to the corporate network, and users are well-educated in identifying and subsequently deleting, without opening, the spam that does get through.

“We started noticing spim a couple of years ago. At that time the amount of spim was less than a couple of percent. Today it is still below 10 percent of all IM traffic, but even that represents a significant issue for companies with large numbers of IM users.”

—Francis deSouza, CEO, IMlogic
In contrast, the nature of IM is such that when an instant message is received, the recipient will invariably open it. In the case of indiscriminate spim — that in which the user does not recognize the sender — the reader may not click on a link embedded in the message, but they will still have stopped what they are doing to read the IM message. The result is a loss in productivity, but spim can be more than of a threat than just a little disruption.

Everyone Trusts a Buddy
If the spim message is received from a recognized user who has been infected by a spim worm, such as Osama found, the click-through rate for links embedded in the message is very high, as the recipient invariably trusts any message that is received from a user in their buddy list. This high click-through rate is particularly attractive to those responsible for spim, which explains their growing interest in exploiting spim as a medium for their messages.

"Buddy lists imply a trust relationship between two users", explains Rahul Abyankar, director of product management for IM management software provider FaceTime Communications. "Users maintain their buddy list and are more selective about who is included on the list. E-mail address books tend to include many more contacts and are less well-maintained. The result is that a user is extremely likely to open an instant message from someone who is in his or her IM buddy list."

With e-mail spam, click through rates are extremely low, being measured in factions of a single percent. Spim, however, offers much higher rates. To put this in perspective, a spam e-mail may need to be sent to 10,000 users in order to generate even five clickthroughs. Spim may be able to achieve the same clickthrough rate with only 10 or 15 messages. Given such efficient statistics, it's no wonder that spammers are looking to become spimmers in short order.

Reining in the Spim
While the news about spim is not encouraging, there are things that can be done to ensure that it is kept in check. For those organizations that allow the use of public IM systems like Yahoo! Messenger, AOL Instant Messenger and MSN Messenger, a number of companies such as Akonix, and the aforementioned FaceTime Communications and IMlogic, produce IM management systems that allow for the detection and prevention of spim. They achieve this protection through a variety of methods including signature detection, challenge response systems and rule based blocking capabilities.

“Buddy lists imply a trust relationship between two users. Users maintain their buddy list and are more selective about who is included on the list. The result is that a user is extremely likely to open an instant message from someone who is in his or her IM buddy list.”

Rahul Abyankar, director of product management, FaceTime Communications.
One of the most interesting approaches to preventing spim is a challenge response system like that implemented in FaceTime Communications IM Auditor and IM Director products. When a user first receives an instant message from an unidentified source, the software responds with a challenge that requires the sender to retype a certain word issued by the software. As spim is most likely to be sent by automated "bots," the reply will not be forthcoming and the message will be blocked. If the sender is legitimate, and the challenge receives the correct response, the sender's message is allowed through and that user is added to the list of approved senders.

This method of verification is considered effective as it still provides for the spontaneous communication made possible by IM systems, but prevents incoming IM from automated senders. The entire challenge/response system is invisible to the IM user who receives the initial IM message only after the sender has verified their legitimacy. Challenge-response systems are not a barrier to spim, but they make the idea of spimming a user somewhat impractical. Other more simple precautions like not allowing any messages from any user that is not in the buddy list can be surprisingly effective, particularly against indiscriminate spim.

Public IM system providers are obviously aware of the spim issue and are taking the threats posed by spim very seriously. Yahoo! for example, actively monitors IM users looking for any ID that is sending a very high amount of messages. These ID's are then suspended pending further investigation.

An Ounce of Prevention ...
As with anything, prevention is better than cure as Dmitry Shapiro, CTO and founder of Akonix explains. "In addition to putting the appropriate management and security solution in place, such as Akonix L7 Enterprise, we advise companies to educate users about the threat of spim as one of the elements of their IM usage policies. This can help identify any emerging problems that may arise in the future as more focus is put on IM by the Spam generators."

Regardless of whether corporations choose to use an IM management system, or let IM use go unchecked, the message from IM management providers and other industry sources is clear. If you want to prevent spim from becoming and issue, you need to look at the problem now and implement preventative measures accordingly. So far spim has been an inconvenience to a few. Within a few years it will be a problem to many.

Back to InstantMessagingPlanet.com homepage.

Tools:
Add www.instantmessagingplanet.com to your favorites
Add www.instantmessagingplanet.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Enterprise IM Archives
 
Related Articles
IM Security on a Small Business Budget
IMlogic Expands Product to Support Global 2000
AOL Certifies FaceTime
Product Watch
NetSaro Enterprise Messenger - Private and Secure Enterprise Instant Messenger
Setup your Private and Secure Enterprise Instant Messaging Network.

Fonwar Mobile - Fonwar Mobile.
New free gaming community with mobile Games, Ringtones, Wallpapers, Photos and Videos with community features SMS, Chat, Blog, Group like Facebook, Friendster and MySpace.

Fonwar IM v2.2 Beta - Live chat .
Free Fonwar IM, live chat & interact over internet data plan or WiFi.

more products >>

Glossary
Jabber
LDAP
MMS
presence
SIMPLE
SIP
SMS
SSL
store and forward
XMPP
Search for more networking terms ...
  
FREE Tech Newsletters