"Pics for MSN Friends" spams

Filed Under: SophosLabs, Spam

In recent days, my personal MSN account has been bombarded with links from a few of my friends. What made it more curious is that the messages are usually sent when the user should have been offline and asleep since they're half the world away from North America. Certainly suspicious.

This blog describes the first of the two kinds of links I got: Pics for MSN Friends". The MSN message themselves look like this:

Definitely not the kind of messages that I would receive from this particular friend or the others whom I received messages from.

Going to the link from a safe computer, this is the site I got to:

The site looks a little bit similar to an MSN log-in page. But this is not MSN - so why would they ask for my MSN email and MSN password? To some readers, this is blatantly obvious. The website operators want MSN credentials for their own nefarious purposes - which would also explain why I get strange messages from my friends at odd hours. I bet my friends gave away their MSN credentials without realizing it.

The little "Terms & conditions" link at the bottom reveals a whole lot. Here are a few excerpts from the "Terms of use/Privacy policy"

By filling out this form, you authorize Tubela Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site. You will receive your share of the credit in helping us spread the word.  This is a harmless Community site which is offering users a platform to meet each other for free.

What did people just authorize themselves to?

We do not share your private information with any third parties.
By using our service/website  you hereby fully authorize Tubela Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us. This is not a "phishing" site that attempts to "trick" you into revealing personal information. Everything we do with your information is disclosed here. If you are under eighteen (18), you MUST obtain permission from a parent or guardian before using our website/service.

Under 18 year olds probably didn't even see the terms of use to realize they have to ask their parents/guardians.

We may temporarily access your MSN account to do a combination
of the following:
1.  Send Instant Messages to your friends promoting this site.
2.  Introduce new entertaining sites to your friends via Instant Messages.

There it is. Tubela management "may temporarily access MSN accounts" to send messages. Sounds like a "License to Spam" to me.

You understand that this agreement shall prevail if there is any conflict between this agreement and the terms of use you accepted when you signed up with MSN. You also understand that by temporarily accessing your msn account, Tubela Management, Inc is NOT agreeing to MSN's terms of use and therefore not bound by them.

I have a nagging feeling the people who gave away their MSN credentials didn't realize that they authorize others to use their MSN accounts contrary to the MSN's terms of use.

This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.

They're hiding themselves behind the laws of Panama. But wait... there are more interesting tidbits as well. The sites themselves are hosted in Hong Kong and registered under a random name/address combo in Beijing, China. Talk about being a multi-national/cross-cultural operation.

So far, it would seem that "Tubela management" is content at collecting people's MSN credentials and then proceeding to spam the individual's friends list. The spam stops after the account owners change their password. However, given the fact that most users share the same hotmail/MSN Live login with their MSN messenger, they probably have opened up their whole mailbox to these people.

The sad part is that these all could have been prevented if some common sense is used during web surfing. Don't open links unless you know it's safe and never give away your credential to an unknown party. Hopefully, after this little spamming episode, my friends will wise up and be more careful when they go on their web business.

Currently, the Sophos Web Appliance would block access to these "Pics for MSN Friends" sites. For  links sent through email, the Sophos Email Appliance or PureMessage would block those as spam.

For the other variant of links - the "Who blocked me" spam, I've describe them in a follow-up blog.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s