Coming Soon to Your IM Client: Spim
Spammers are likely setting their sights on instant messaging networks.

Cara Garretson,
Network World
Monday, February 09, 2004

Instant-messaging spam--or spim, as it's often called--is beginning its march into the corporate world.

Spim isn't nearly the headache that e-mail spam has become, largely because instant messaging isn't as ubiquitous as e-mail in corporate settings and because the closed nature of IM networks makes IM spammers easier to catch. But experts predict that unwanted IMs have the potential to wreak just as much havoc as spam.

So far we're told by customers that [spim] is not a big problem. But we find it hard to imagine that it's not going to turn into a tremendous issue, says Sara Radicati, principal analyst at The Radicati Group. Radicati reports that 26 percent of companies are using IM as a corporate service, and that 44 percent say employees use IM but it isn't a company standard.


Security Worries
Financial companies are known for their heavy use of instant messaging, but Lee Blackmore, director of IT at Stifel Nicolaus, says he was surprised to learn how widespread IM use was at the Midwestern brokerage house. He was about to ban all use of IM for fear of security breaches that the service can cause, but the company's institutional traders put up a fuss. Instead, he agreed to let the company's 175 traders use any IM service they like--and he installed IMlogic's IM Manager to control and secure communications.

My concern [with IM], in running the IT department, was spam, and what people were really using [IM] for, Blackmore says. Although the traders block incoming messages from people who aren't on their contact lists, the majority of them are allowed to use IM to communicate with people outside the company.

As corporate use of IM rises, so does the potential for abuse. With the most popular consumer IM services--namely those from America Online, Microsoft's MSN, and Yahoo--available for free, all spammers need is a list of screen names to start clogging these systems with unwanted messages. Granted, it's much harder today to flood networks with IMs than with e-mail because bulk mailing tools and lists of user names aren't readily available to IM spammers. But some say it's just a matter of time.

God help us if we can't see this thing coming based on the industry's experience with e-mail spam, says Jon Sakoda, vice president of products at IMlogic, which develops software that adds security to popular IM services.


Potential Problems.......................................
More at PCWorld