Microsoft sues alleged IM spammers, phishers

Microsoft has taken out a lawsuit against companies and individuals that have allegedly attempted to obtain usernames and passwords from users of its IM service.

Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Wash.-based software giant filed a civil lawsuit Thursday in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals, who Microsoft says is responsible for the intentional misuse of the service to gain the personal information of its users.

In the suit (which is embedded below), Microsoft cites a multitude of attacks including IMs that appear to be coming from users they know, as well as phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page.

Microsoft says that the successful use of these tactics has let third parties obtain these users' personal account information, then exploit it by sending mass spam and phishing messages to the contacts of users whose accounts have been breached.

In a post on Microsoft's security blog Microsoft on the Issues, Tim Cranton who is Microsoft's associate general counsel of Internet safety enforcement, said the company hopes the suit will accomplish three things. One is to stop companies and individuals from continuing the attacks through injunction. Microsoft also intends to "recover monetary damages," as well as send a message to other parties who would try similar tactics.

Microsoft counts the number of its Windows Live Messenger users at more than 320 million, although the suit makes no mention of how many of those users have been affected by the privacy attacks. However, it does say that the attacks have put a strain on the servers that run the service, as well as its security teams, which have to monitor and combat incoming attacks. In the meantime, the company is urging users of its Live Messenger service and other Live services not to give other people their log-in information.


Microsoft Corporation v. Funmobile, et. al." case number 09-2-21247-3
 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments