View my documents ()
 Home > Insights > Blogs 

CA Community

This Blog

Syndication

Spim Preys on Obesity

Published: February 26 2009, 09:34 PM
by Hannah Mariner

This blog post was written by Research Analyst Kenneth Yu. Keep an eye out for his full profile, coming soon.

Have you seen spim before?

Example spim message promoting Acai berry pills

Spim describes a form of spam that arrives through instant messages, and recently we’ve received a lot of it. More concerning than the annoyance factor is that spim often contains links to phishing sites, like the real life examples below. Allegedly sent from people in your friends list, these spim messages advertise Acai berry pills that apparently allow miraculous weight loss: 

  • Ever since Dylan and I seen those Acai pills on Cnn and Oprah we have been taking them and losing so much weight so fast with no diet or excercise , we are living proof that it works like magic and they are only five dollars now to try from http://sizeday.com
  • Wanna lose a lot of weight without diets or excercise? Kathy and I have both lost over 30 pounds in a couple weeks just by taking Acai pills daily, the same ones that Oprah talked about on her show. They are only five dollars to try, We get them from http://makelose.com
  • Ever since Dylan and I seen those Acai pills on Cnn and Oprah we have been taking them and losing so much weight so fast with no diet or excercise , we are living proof that it works like magic and they are only five dollars now to try from http://slimsays.com
  • This is like a dream come true for me and my Jenny. We both are living proof that Acai pills work to lose weight quick, we both lost over 30 pounds and still losing, no diet or excercise they just burn the fat off. Get them now for only five dollars at http://lowslim.com

Upon investigating the domain names, we found that they all point to the same IP address at 125.181.106.147. Clicking on any of the links in the spim examples above takes the user to a website that looks like this and offers a ‘free 14 day trial’ where you only pay for postage:

Example spim website promoting free 14 day trial of Acai berry pills

If a misled user takes the bait and clicks on the “Place Order” button, it shows the ‘Secure Checkout’ page below:

Example spim website where you can place order for free trial of Acai berry pills

The supposedly ‘Secure Checkout’ is not presented in secure HTTP, which is an indication of a phishing site. Scrolling down this page, the user is asked to fill in their credit card details:

Example phishing site where you are asked to enter your credit card details

Clicking on the “Submit your order” button successfully sends out your vital information, so please, be wary of phishing attempts like these, and don’t be fooled by similar ‘free’ offers.

Share this post:  EmailEmail
ShareShare

Tags: , , , ,

Leave a comment

7 people have left comments:

hello. i have recieved theese messages from 2 friends in my IM. i realised instantly that it is either a virus..either spam. but spam sent without the sender;s approval, is techically speaking, still a virus. Problem is, google can;t seem to help me on finding it's verison and how to get rid of it since i want to help my friends :(

Posted by: tudor | March 1, 2009 8:39 AM

I received those messages from 3 of my friends from yahoo messenger. Is there any way to stop it ?

Posted by: selfhelp | March 8, 2009 12:13 PM

Several friends on my msn messenger have told me that i have sent them those messages... how do i stop it?

Posted by: rym | March 22, 2009 4:00 PM

I have the yahoo spim obesity virus.  Can someone tell me how to get rid of it?  It's messing up my computer.

Posted by: canyouhelpme | March 23, 2009 1:12 AM

So is this being sent by someone faking a friend's Yahoo Messenger Address, or by a virus on their machine sending the message?

Posted by: Lee | March 23, 2009 10:51 AM

I cannot seem to find any solution on how to get rid of this Yahoo Messenger "obesity virus".  Does anyone know how to get rid of it?  If so please let me know here.  I have Trend Micro and Webroot Spysweeper.  I have updated both of them, and neither is picking up this virus.  I have informed both of them about it as well.  So annoying...i don't know where to look.  

Posted by: canyouhelpme | March 28, 2009 10:19 PM

has anyone tried changing the password yet?

Posted by: whwhwhwh | March 31, 2009 11:54 AM

Leave a Comment

* An asterisk indicates a required field

* :  

:

* :  
 
 
Page Tools
ShareShare