Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: A Word to the Wise - SPIM Flood SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
A Word to the Wise - SPIM Flood

We have received several reports today from people that are getting flooded with SPIM on their IM accounts.  These messages are providing a link to various web sites.  These sites all seem to point to one site www dot messenger-tips dot com.  This site purports to check your IM friends/contacts and report back to you which of them have blocked you.  All you have to do is give them your login and password information.  You also  have to agree to their terms and conditions.  Ok so we read their Terms and Conditions page and what do we find,  first

They will NOT be responsible for any misuse of the information you provide.  They also have no liability for content, views, advice or guidance because they provide a service that is for entertainment purposes only. (Huh? what entertainment). You provide them with the id and password, of course they won't store the information with anyone without your consent. (And if you believe that I have a bridge I will sell you.)  Now here is the real catch-22.  By agreeing to the terms and conditions you agree to allow them to SPIM all of your friends and contacts.  Wonderful.

I am not sure if this program installs any malware or sets up any hole in your computer for them to crawl through.  I don't have a sacrificial lamb here that I can test it with.  We have not been able to determine if it is anything more than ad-ware.  Bottom line folks, DO NOT CLICK ON LINKS. 




279 Posts
ISC Handler
Jul 24th 2007

Sign Up for Free or Log In to start participating in the conversation!