First, there was “spam,” or unsolicited bulk commercial eMail, which–besides clogging school eMail servers and wasting precious IT resources in trying to manage–also posed a threat to students with personal eMail accounts, given the graphic nature of many of these solicitations. Now, the internet industry is targeting a new threat to students and other patrons: “spim,” or bulk messages sent to instant-messaging (IM) accounts and web chat rooms.

Unlike spam, “spim” uses IM–a vastly popular service among students and teens–to send solicitations in the form of web links and short text messages to people who trade virtual notes via IM, the always-on, quick-contact service available to internet subscribers.

Recent research suggests that IM is quickly becoming an alternative means of communication for school-age children. A survey released last year by Irvine, Calif.-based NetDay found that at least 70 percent of all students in grades 7-12 have at least one IM screen name, and 18 percent have more than four names, or online accounts which they use to communicate with friends. Interestingly, 54 percent of students who responded to the survey claimed they knew more of their friends’ screen names than home phone numbers.

Students gravitate to IM because it allows them to communicate instantaneously with several people at once and can be done day or night, especially in places that offer the option of always-on internet access, NetDay Chief Executive Officer Juile Evans told eSchool News after the study was released.

According to a recent survey conducted by The Radicati Group Inc., a technology market research firm based in Palo Alto, Calif., the problem of spim will likely grow exponentially in the coming years.

The group estimates the number of spim messages that online users receive will jump from 1.2 billion by year’s end to more than 17.9 billion in 2008, bringing the average number of spim messages received per user, per day, up from 3.3 in 2004 to 26.7 by 2008.

Though the anonymous nature of the IM environment, where users pick crafty screen names to identify themselves to friends and other acquaintances online, makes it hard for spimmers to target children specifically, Genelle Hung, a senior analyst for Radicati, says the rate of IM usage among school-age children virtually guarantees students will encounter the messages.

The solicitations, which usually come in the form of personal notes from other IM subscribers, often contain short text messages or hotlinks that will transport unsuspecting users to web sites hawking pornography or gambling, among other unsavory online fare.

According to Hung, spimmers typically collect IM screen names by snatching them from seemingly private conversations held in online chat rooms and on message boards. Savvy spimmers also are known for devising massive lists of the most common user names and sending out blast transmissions, she said.

Hung said students are particularly vulnerable because of the rate at which they communicate. It’s not uncommon, she explained, for one child to have four or five different IM sessions with friends going on at once. Students with several different windows open on the bottom of their screens are likely to read a spim message or to click on a solicitous link by mistake, she said.

But students are not defenseless against such attacks. Internet service providers and online security firms are continually coming up with new ways to combat the problem.

For instance, some service providers are beginning to monitor who’s signing up for IM services and placing restrictions on the number of accounts users can open in a given period of time, thus cutting back on the number of options available to nefarious spim-peddlers, explained Hung.

According to an excerpt from the Radicati report, public IM networks such as America Online (AOL), Microsoft Network (MSN), and Yahoo! have introduced new tools intended to help combat spim.

In setting up their accounts, users can choose to receive only messages from people who are on their buddy lists, for example–though Hung suspects a lot of students might opt against using such a protection, because it would keep them from cultivating new relationships online.

AOL also recently introduced its IM Catcher, which automatically quarantines instant messages from unknown senders. Meanwhile, Yahoo has unveiled an “invisible” mode that enables users to sign onto an IM session without being visible to the public, the report states.

Anti-spam vendors such as Surf Control already are marketing filtering technologies for spim. Most anti-spam vendors, however, are still experimenting with anti-spam shields for IM and are planning to introduce their solutions over the next 12 months, according to Radicati.

Last week, AOL expanded its tactics to the legal front. The company has filed a federal lawsuit accusing numerous unnamed defendants of violating federal and state laws by sending spim to IM accounts and internet chat rooms.

The lawsuit, filed Oct. 29 in federal court in Alexandria, Va., marked the first time AOL has expressly targeted spim in a legal action.

Perhaps the best way to avoid being deluged by spim and other online solicitations is to develop good online habits, Hung said. That includes keeping IM screen names out of public chat rooms, discussion forums, or message boards.

In many schools, the decision has been made to outlaw IM applications altogether.

“Rochester Schools do not permit installation of instant-messaging clients on any district-owned computers, including administrative computers,” said Raymond Yeagley, superintendent of schools in Rochester, N.H. “If a web conference is beneficial to our students or necessary for the efficient operation of our schools, we will use another tool to accomplish it.”


America Online Inc.

The Radicati Group Inc.

Surf Control