Microsoft has filed a lawsuit accusing two companies of launching instant-messaging spam and phishing attacks that targeted users on its Live Messenger network.
The software company filed a civil lawsuit on Thursday in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals. Microsoft alleges that they are responsible for the intentional misuse of the service to gain the personal information of its users.
In the suit, Microsoft cites a multitude of attacks, including IMs that appear to be coming from users the victims know. It also describes phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page.
Microsoft says that the successful use of these tactics has let third parties obtain these users' personal account information, then exploit it by sending mass spam and phishing messages to the contacts of users whose accounts have been breached.
In a post on the Microsoft on the Issues blog, Tim Cranton, Microsoft's associate general counsel of internet safety enforcement, said the company hopes the suit will accomplish three things. One is to stop companies and individuals from continuing the attacks through injunction. Microsoft also intends to "recover monetary damages", and to send a message to other parties that would try similar tactics, Cranton wrote.
Microsoft counts the number of its Windows Live Messenger users at more than 320 million, although the suit makes no mention of how many of those users have been affected by the privacy attacks. However, it does say that the attacks have put a strain on the servers that run the service, as well as on its security teams, which have to monitor and combat incoming attacks.
As a consequence of the attacks, Microsoft is urging users of its Live Messenger service and other Live services not to give other people their log-in information.
Talkback
I hope Microsoft wins. The IM crackers should do time.
How come the federal authorities are not involved in this? hacking/phishing all the same irregardless of what colour it comes in.
Until they attack Federal installations or actually manage to use the information to defraud, its purely a commercial matter.
Unfortunately having somebody's Social Security Number and using it as an ID number is supposed to be a crime whether or not the SSN is actually the person's number or not. Likewise having the Driver's License number is also not a real crime since most states consider the DL number to be open or public records. Both numbers are used as ID numbers by credit agencies and financial institutions and they don't get sued either!
Most people do not realize that the SSN does not have to be given to anyone other than an employer and the IRS on your annual tax return. Until the phishers use it to get credit or make a purchase or withdraw cash, they haven't committed a "real" crime.
Microsoft is trying a preemptive strike to avoid being tagged as being complicit in future frauds by the phishers.
Nothing like good old dose of bureaucracy eh, suppose thats one advantage of having some muscle about then like ms. :s