Tip of the WeekInstant messaging clients can be doorways to spam. Download and install updates to your preferred IM client, and use privacy tools to block unwanted missives. Yahoo lets you be invisible. AOL can block messages from people outside your buddy list. MSN alerts you when someone adds you as an IM contact.
It's bad enough that our in-boxes are crammed with junk e-mail. Now spam is slithering into cell phones and instant messages.
These annoying variants can be just as dangerous as virus-riddled junk e-mail, and they can even cost you money. But just as with e-mail spam, there are tools to help you stave off these new breeds.
Spam Evolves Into SpIM
America Online calls unsolicited instant messages spIM. The term is meant to sound like the word spam, and the messages are just as pathetic as junk e-mail. "Please visit my Web site" is a typical example. Yahoo Messenger users are IM spam victims too, dodging messages that tout adult Web sites or dole out hot stock tips.
Worm writers have targeted Microsoft's MSN Messenger and Windows Messenger with slimy e-mail-style attacks. Both AOL and Yahoo have also plugged holes in earlier versions of their IM software to help stave off IM hackers.
Antivirus firm Symantec warns that a small but growing number of documented IM security holes pose risks of infection and information theft. Symantec recommends keeping antivirus definitions up to date.
Part of the reason spam weasels are increasingly targeting IM clients is because these clients have become so advanced. They can run many computer scripts and they share the same vulnerabilities as e-mail software clients, with functions like attachments and support for hyperlinks in messages. These can be doorways to attacks.
AOL's latest update, AOL 9.0, addresses the spIM scourge with a feature called IM Catcher. This function corrals instant messages from people outside your buddy list or AOL contacts in a small window, so you don't end up with a dozen chat windows cluttering your desktop. Users of AOL's free AIM client don't have this feature, but if you get hit with a spIM message, click Warn. If the IM message-sender gets too many warnings, AOL will kick the screen name off the network.
Yahoo says IM spam isn't a huge problem for it, but in September the site required all users to update their Yahoo Messenger clients to help can IM spam. If you want to chat incognito, Yahoo lets you log onto its messaging client as 'invisible'. Yahoo also provides a word filter to block offensive messages.
Microsoft offers some of the best defensive IM tools. To send an instant message, you must include the recipient on your contact list. And you can't add a user to your contact list without getting that person's permission beforehand.
To tighten security and privacy settings with Yahoo Messenger, go to Login and select privacy settings. With AOL's free AIM client, go to My AIM, select Edit Options, and go to Edit Preferences. With Windows and MSN Messenger, go to Tools, select Options, and click on the Privacy tab.
SMS Spam Threatens
As if it weren't bad enough that spam co-opts instant messaging clients, mobile phone users are now seeing an entirely new nuisance: SMS messaging spam. Smart phones have brought enhanced message services, multimedia message services, IM services, and phone-based e-mail. But with convenience come trade-offs and expenses. Cellular service providers charge 3 or 4 cents per mobile phone message. It's one thing if your spouse text-messages you--but if it's an SMS spam pitch for cheap laser toner cartridges, that's another matter entirely.
"Spam may be an irritation when delivered to a PC via the Internet, but it is even more irritating when delivered to the mobile phone," says Tim Lorello, chief marketing officer at TCS. His company makes spam filters for cell phone services. He predicts U.S. users may soon face some of the problems that Europeans have had to tackle.
Commercial SMS spam is common in Europe. Consumers are encouraged to hand over their SMS address to enter contests (sound familiar?). The promotional SMS messages soon follow. Can you imagine switching phone carriers just to shake SMS spam?
TCS tackles the SMS spam problem by setting up spam filters at gateways controlled by cellular carriers. For example, Verizon Wireless uses TCS's filtering service on an SMS gateway to block spam. Verizon Wireless customers can customize their SMS filter to block messages from unknown users by visiting a Verizon Web site.
And you thought the spam in your in-box was all you had to fear.
Q. What is up with that wretched fake Microsoft Update e-mail? I've been receiving up to 20 of these spam messages a day for the past month. When is this spam going to end?
A. You're not alone. We've been getting loads of inquiries about e-mail that claims to be a Microsoft update or patch. First, Microsoft never distributes software or software updates by e-mail. Updates are performed most easily by selecting Tools and Windows Update in Internet Explorer.
The spam you refer to typically has an infected attachment that contains the W32.Swen.A@mm worm, which poses as a software security update from Microsoft. Its message prompts users with "Yes" or "No" buttons to agree to install the update, and even provides a faux installation progress bar if they agree.
But the worm code gets installed if you click at all. If you receive a message that claims to include a Windows update or security patch, do not open or click on the attachment. Delete it.
If you think your PC may have been victimized by Swen, check out Microsoft's patch.
Q. Can you recommend a good spam filter that would work with Outlook Express?
A. New antispam software seems comes out every day; it's hard to keep tabs on what's best. PC World editors are constantly evaluating the latest offerings, so you might peruse PC World's recent top picks for Outlook Express antispam software.
You might also consider trying SpamNet, Cloudmark's excellent antispam plug-in for Outlook Express. Right now, it's free because it's still in development. In our experience, the beta product does a great job of blocking spam. When it's final, you should expect Cloudmark to charge about $4 monthly for the service.