IT security firm Sophos has issued a warning on an unusual spam campaign that tries to lure users of public service chat exchange networks like MSN into parting with sensitive information.
The spam messages, detected over the past couple of days by Sophos researchers, were found to stem from a botnet and contained varying e-mail addresses and minor content randomisation.
It is unusual as a spam campaign because it tries to lure recipients into engaging in a flirtatious MSN chat, before ultimately redirecting them to an adult website.
The company said that the offending domain is hosted in China and belongs to a member of the ClickCash.com affiliate network promoting adult-content websites.
Users who follow the message’s suggestion and go on to chat over MSN are engaged in a scripted IM chat, and then invited to subscribe to a phoney website.
Sophos warns that the website asks for user details and credit card information – data which could easily be used to commit identity theft.
"Talking to strangers can be dangerous on the net, but many people do it. So it's actually quite likely that this scam could be successful," said Graham Cluley of Sophos. All computer users need to be wary of unsolicited emails.
Most enterprise security software can now be configured to block access to IM entirely at either the application or protocol level to defend against incoming spam, viruses, and worms, and also enable the archiving and logging of instant messages as they pass through the network.
MessageLabs last week brought on stream a new security service to provide organisations with another way to defend against IM threats with a managed service that will monitor, manage and audit the business use of public networks like AOL’s AIM, Yahoo! Mail and Microsoft MSN.