All messages received seem to have a suffix .info in it. A possible message is as below:
Party Pics..Messages may be even simpler with nothing but the link like below:
http://[your friend email address before @ sign].ther1ng.info
http://checkdiz.infoThe messages may come in different variations. So far, the messages I received were from ther1ng.info, checkdiz.info, checkout.the.fri3ndp1x.info, and imagequick.info.
A quick navigation to http://imagequick.info brings me to the below page.
The page is promoted using the concept of Social Networking. It attempts to trick MSN users to login and share photos with fellow friends. A quick scrutiny on the Terms and Conditions seems to have told the entire story. I include the entire T&C below.Terms of Use / Privacy Policy:
By filling out this form, you authorize TST Management, Inc to spread the word
about this 100% real and upcomming Messenger Community Site.
You will receive your share of the credit in helping us spread the word. This is a harmless
Community site which is offering users a platform to meet each other for free.
We do not share your private information with any third parties.
By using our service/website you hereby fully authorize TST Management, Inc to send messages
of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information
you provide us. This is not a "phishing" site that attempts to "trick" you into revealing personal
information. Everything we do with your information is disclosed here. If you are under eighteen (18),
you MUST obtain permission from a parent or guardian before using our website/service.
This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).
ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR
ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT,
DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED
TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.
We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
This is a free service. You will not be asked to pay at any time.
You will not be subscribed to anything asking for payment.
This service is made possible by many hours of human effort.
TST Management, Inc reserves the right to change the terms of use / privacy policy
at any time without notice. To view the latest version of this privacy policy,
simply bookmark this page for future reference.
You understand that this agreement shall prevail if there is any conflict between this
agreement and the terms of use you accepted when you signed up with MSN. You also
understand that by temporarily accessing your msn account, TST Management, Inc
is NOT agreeing to MSN's terms of use and therefore not bound by them.
This agreement shall be construed and governed by the law of the
republic of Panama. You expressly consent to the exclusive venue
and personal jurisdiction of the courts located in the Republic of
panama for any actions arising from or relating to this agreement.
If any provision of this agreement is held to be invalid, illegal or unenforceable
for any reason, such invalidity, illegality or unenforceability shall not effect any
other provisions of this agreement, and this agreement shall be construed as if
such invalid, illegal or unenforceable provision had not been contained herein.
Copyright 2008 TST Management, Inc
In summary, the website is managed by TST Management and they are not affiliated to Microsoft. By logging into the interface provided using your MSN account, you deemed to have agreed to their T&C. They have made it clear who they are and how they will be using your username and password. In other words, they are not introducing virus, worms, trojan horses, nor they are a phising site.
The only solution to stop them from using your MSN credentials is to change your password immediately! To prevent similar incidents from happening, do not enter your account details on any other input interface other than the ones provided by Microsoft. This is applicable to other user accounts.
This is very informative!! Bu kui shi our news broadcaster.. hahah.. ya initially thought it was a virus, but i see this in a different light after skimming through ur post! Thanks!
ReplyDelete