Several users of the instant message service MSN messenger have recently been attacked by so-called ”SPIM” This has led some to believe that they have been attacked by an MSN-worm or a virus, which mission is to damage their computer.

The term SPIM is used for SPAM targeting Instant Messaging users, The new type of SPIM uses a social engineering technique. It means that you as a user get a message that contains a web address instead of the name from a sender. This is an attempt to trick you to click on the address.

The company behind this particular web site markets a service that claims to be able to find out if someone have blocked you from their MSN Messenger. In the message it says “Find out who has deleted you from MSN – without their knowing”. When you clickon the address, they try to decieve you to give out your MSN sign-in information, so that your account can be used to send out commercials through the MSN instant messaging service.

"It’s a golden rule never to divulge sensitive information to unknown. Never! Especially in this case, but also generally, we want to make people aware of what kind of information they give out. By giving away your username and password to this kind of services you also say yes to be a spammer", says Snorre Fagerland, Senior Virus Analyst by Norman ASA.

"We don’t think there is a danger with this phenomenon, but we advise people to be aware", says Snorre Fagerland, Senior Virus Analyst, Norman ASA.

Advice to avoid being a participant in spimming Do not give out your sign-in information. Look for the security lock down to the right in you browser. Do not click on files or links that you do not know are sent to you by someone you trust. Do not reply to messages that offer you “the world”