“MSN Messenger Block Checker” spams

In my last post, I mention about the “Pics for MSN friends” spam. The other spam variant from Tubela management I have received recently are the “MSN Messenger Block Cheker” ones.

To recap: Users who have gave away their MSN credentials to Tubela management allows them to “advertise” their links to all friends of an MSN user through MSN messenger or email. Since I have shown the MSN Messenger version in the other blog piece, I will show the email version here:

My friend has “invited” me to see who have deleted or blocked me from their contact list on MSN Messenger. Given this, Should I find out who don’t want to my friend anymore?

Let’s follow the link. The site the message links to is:

This looks somewhat similar to the “Pics for MSN Friends” in that the site is pretty bare and asks for MSN login credentials. Even though the site has a padlock icon and the words “Secure Site”, the link is still http:// and not https://. This means that the site is not secure at all. So, to answer the question above, it is not a good idea to give away my MSN credentials to this site.

Looking at the domain registration information of this site, and the IP of the web server, it is clear that this site is also owned by the same group of individuals. The big difference is the lack of actual terms of use. On the site, it says “By logging in you accept the terms.” However, the true terms is not linked to or displayed anywhere on the site. One has to wonder what terms they’ve accepted by logging in. My guess is that the terms of use are similar to the ones I described into previous blog, giving Tubela management a “license to spam”.

For ordinary users, the best defense against these kind of sites is to practice safe browsing techniques. For Sophos users, the “Blocker Checker” sites are blocked by the Sophos Web Appliance, much like the “Pics for MSN friends” sites. In addition, the email message above would have been blocked if it had passed through a Sophos Email Appliance or Pure Message.