Saying No to “Spim”


Posted by Tim Cranton 
Associate General Counsel, Internet Safety Enforcement

Have you ever received an instant message that prompts you to click on a mysterious link?  Or been asked to share your IM account information, only to have it used to spam all of your friends?

Such instant messaging spam, or “spim,” can take the fun -- and utility -- out of instant messaging.   And cybercriminals know that for many Internet users, the threat of spim is not yet widely understood.  Spim is more than just an annoyance.  It’s a serious threat to online privacy and security.  Spim campaigns that employ phishing tactics to get your account information can put all the personal information associated with your account at risk.

A few weeks ago, I talked with you about Microsoft’s enforcement efforts to help promote Internet safetyfor consumers, advertisers and the industry at large.  Today, as part of our ongoing commitment to online safety, Microsoft is taking additional legal action to help protect our customers against IM spim and account phishing. 


Earlier this morning, Microsoft filed a civil lawsuit in King County  Superior Court in Seattle (“Microsoft Corporation v. Funmobile, et. al.” case number  09-2-21247-3) that alleges Funmobile Ltd. has  conducted  a significant campaign to undermine the privacy of Windows Live Messenger customer accounts and to “spim” our customers’ contacts.  We originally filed the case in June as a “John Doe” complaint that did not identify specific defendants.  As part of today’s action, we are asking the court to grant an injunction to help stop this activity immediately to protect our customers.  We are also seeking to recover monetary damages.  Above all, we hope the lawsuit will send  a clear message to all potential perpetrators that this kind of activity is not tolerated on our networks. 

As outlined in the complaint, Microsoft alleges that Funmobile Ltd., a Hong Kong-based company owned by brothers Christian and Henrick Heilesen, has spimmed thousands of Windows Live Messenger customers since March 2009.  The scheme is alleged to target customers with IMs that appear to come from the e-mail address of a known friend or acquaintance, and invite the recipient  to click on a link

Customers who clicked on the link in the bogus instant messages sent by Funmobile were then “phished”— that is, asked for their IM username and password to log in, according to the complaint. Those who provided the log-in information were often redirected to an adult Web site or, in some cases, a site that claimed to be a social networking community for Windows Live Messenger users.

Meanwhile, we allege, the defendants collected the wrongfully-obtained usernames and passwords and used them to access Microsoft’s proprietary systems and our customers’ accounts.   They then “scraped” or “harvested” the contacts within each user’s account, and sent unsolicited bulk IMs to each of his or her contacts. 

Such abuse of the Windows Live Messenger service harms Microsoft and our customers by burdening Microsoft’s computers and computer systems with spim traffic, interfering with users’ enjoyment of our services and invading the privacy of our users.   Our customers should be in control of their information, and shouldn’t be provoked into divulging their personal account credentials for third party services.    This kind of activity isn’t just a violation of our terms of service for Windows Live, it’s a violation of our customers’ privacy.  For this reason, Microsoft strongly advises our customers to only use their Windows Live login information for the purposes of logging in themselves and to never disclose their Windows Live ID and password to a third party other than Microsoft, regardless of the potential usefulness of the “service” that is offered in exchange.  

Windows Live is a great platform for third party development, and we provide a multitude of resources to enable companies and individuals to develop legitimate companion services that enhance our customers’ experiences online while still protecting their privacy and their personal data.   Phishing, spim and account harvesting are not legitimate means of interacting with Windows Live.  This kind of activity crosses the line from legitimate third party services to “parasiteware” that harms our customers.

Microsoft is vigilant about using both technology and the law to fight illegal activity online.   I lead a dedicated team that works to uncover schemes like this one, track down the perpetrators and, if necessary, build legal cases against them. As this work continues we will keep you updated on how we are finding, and fighting, cybercrime in all its forms.

In the meantime, if you’re interested in learning more about this issue, the Windows Live team has also posted some thoughts on its blog

And for more information about staying safe online, please visit


Comments (10)

  1. Anonymous says:

    Ive personally had this happen where the message appeared to originate from my wifes account during a live discussion we were having…    when it happened I asked her about the message and she had no knowledge of the message at all…    considering the fact that it appeared as a Man-in-the-Middle attack on the IM connection itself   I have discontinued use of that IM service    What programming team do I report such events to?    Being a programmer myself and having a base knowledge of network engineering I chose the above   steps as I considered the account compromised    Ive additionally dropped use of that password as well  

  2. Anonymous says:

    Thanks and support Microsoft's action!

  3. Anonymous says:

    I'm glad to hear that you are taking these steps. This is a major flaw in social networking – in order to position themselves for increasing monertary value and eventual buyout sites such as Facebook and Myspace have encouraged 3rd party developers to produce apps that have deep access to their customer information once the user gives them permission – which they have to do to use it. The viral quality of Web 2.0 social networking memes is such that most people never think before giving that permission and have become inured to it

  4. Anonymous says:

    Most "new" Spyware/Adware creators/hackers are using Microsoft plateforms and claiming "Certified" status with Microsoft to launch their attacks. But, their anything but legitimate. I'm speaking from experience. A online company by the name advertises exactly that, with a 30 Day Back Guarantee,  are selling Powersuite 2009 Pro. It suppose to correct Registry Errors, Speed-Up your PC and make everything like new, however, their product doesn't work, it only makes you think it does with a devise that goes through your files 'DAILY" and the same ERRORS returning each following day, so they can scan your computer over and over again to make sure they don't over look any of your files. I complained after the forth day that their program software didn't work and I was cancelling my subscribtion with them and expected a total refund on my Credit Card. At first they refused to give me a refund, but the next day their email said they'd return some of my money. When I treatened to turn them in to Microsoft they finally said I'd be receiving a total refund on my Card. However, since they already had permission to enter my computer and search and filter my files they decided to use this for a "Revenge Attack" with a false "Security Alert" that would attempt to disrupt any of my efforts to get anything accomplished. Even with THREE AntiSpyware  companies monitoring my PC, "Microsoft", Mcafee, & HP Compac," they manages to get away with this for two days before "I" on "MY OWN," figured out how to rid myself of them. Everyone of these companies in my eyes are complete failures. They're all part of the problem. By the way. your software you sent in the mai,l MSN premium, is a joke. You're expecting the customer to solve "YOUR" problem. Unless something concrete happens soon about Fake Alerts, Spyware, Adware, etc. that ride piggy back on Microsoft contracts, I'm not going to remain silent. I'm highly disappointed that you haven't figured this out. You're subcontractors are robbing you blind.

  5. Anonymous says:

    Please don't blame the companies that are providing us with great services. Where would we be today if Microsoft and others did not exist?    BLAME the criminals!   That are bringing distrust into our community.    I also fell victim to the phishing and soon was attacked through PC and Mobile phone.   NOT THROUGH BLUETOOTH!!!!!!    It all started from what I thought was a harmless "Spim". (No such thing).  Not Microsofts fault that I thought a friend had requested me to view a new photo (most requests I noticed started with HAHA).  Or that I joined up to a link that advertised that it was a New Msn Chat Group. etc etc   These links soon stopped after downloading Nortons latest product.    What we can do as consumers is report these incidents directly to Microsoft.  We also need to understand "What is a Secure Site" before downloading products.  Internet Explorer has these answers in the help files on understanding if the site is secure or not.  If in doubt don't click or receive.  I have come across many pages that LOOK genuine but are not real sites. Ie: Symantec is Symatec (obvious) but not to a "newbie". No I did not download from this site.    Maybe someone should come up with a site that "we" as consumers can report directly to.    Keep up the great work Microsoft!   I understand you are trying to catch these criminals.   We as consumers can join together to help companies track them down.  Lets bring TRUST back into the community! 🙂

  6. Anonymous says: this is not coming from Nigeria.

  7. Anonymous says:

    I just received the following email. Is this truly from Hotmail or is this Spim? Please alert users immediately, Thanks    Dear Account User        CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR  HOTMAIL ACCOUNT NOW !!!          This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.     Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.     * Username: ………………………..   * Password: …………………………..   * Date of Birth: ……………………….   * Country Or Territory: …………….     After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.     Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.   Sincerely,  The Windows Live Hotmail Team      

  8. Anonymous says:

    I really wanted to say thank you for all yoir patience and hard word work…I know it is not aat all easy! With this Vista system I need a book for D….my's! I wanted to make sure that you know how much you are very very much appreciated! There is something in my system causing :re=log, I just do npt lmpw what to do about it …and I can not trust any typy of e-mail or live chat because I am going in blind! Once again found that re-log sign in! I certainly hope this was an appropriate means of communication. Once again, thank you for having such patience and being so incredibly kind.

  9. Anonymous says:

    I wonder if suing a Hong Kong based company in San Fransisco makes any sense, what power does a US judge have to stop them!    P.s. Hong Kong is no US state

  10. Anonymous says:

    I want to suggest all victims from spyware and virus from microsoft windows to use anti-virus: Onecare, because I use it for myself since 2005.  I never got victim from any treat to steal my information.  What I like  from onecare live anytime spyware or virus want to do something wrong to my computer a pop up shows up to ask me do you want to allow this program to install in your computer. If I know that program I say yes or no.  I am sorry for any person already victim by treat  now I recommend he/she to use one software is onecare live as anti virus it's will help.

Skip to main content