Windows Live Messenger “Spim” Leads to Lawsuit

In a move designed to stop the contributors to the process of undermining the security and privacy of Windows Live users, Microsoft announced that it had debuted legal action against Funmobile Ltd., a Hong Kong-based company led by Christian Heilesen and Henrick Heilesen. The civil lawsuit filed in King County Superior Court in Seattle was catalyzed by the alleged spimming practices employed by Funmobile. Microsoft indicated that, starting with March 2009, Funmobile had sent instant messaging spam (“spim”) to thousands of Windows Live Messenger users.

The lawsuit “alleges Funmobile Ltd. has conducted a significant campaign to undermine the privacy of Windows Live Messenger customer accounts and to “spim” our customers’ contacts. We originally filed the case in June as a “John Doe” complaint that did not identify specific defendants. As part of today’s action, we are asking the court to grant an injunction to help stop this activity immediately to protect our customers. We are also seeking to recover monetary damages,” revealed Tim Cranton, associate general counsel, Internet Safety Enforcement.

In the filing the Redmond company considers the actions of Funmobile as having affected it adversely and is looking for injunctive relief, statutory damages of $5,000 per violation as well additional damages. According to the software giant, Funmobile allegedly applied a scheme targeting Windows Live Messenger users with instant messaging masquerading as coming from an email address of a friend or acquaintance. All victims were invited to click on links included in the messages.

“Customers who clicked on the link in the bogus instant messages sent by Funmobile were then “phished”— that is, asked for their IM username and password to log in, according to the complaint. Those who provided the log-in information were often redirected to an adult Web site or, in some cases, a site that claimed to be a social networking community for Windows Live Messenger users,” Cranton added. “We allege, the defendants collected the wrongfully-obtained usernames and passwords and used them to access Microsoft’s proprietary systems and our customers’ accounts. They then “scraped” or “harvested” the contacts within each user’s account, and sent unsolicited bulk IMs to each of his or her contacts.”

Windows Live Messenger 9.0 (2009) is available for download via this link.