If you receive a MSN message with a link from a friend, do not open it blindly especially if you find it suspicious and unexpected. I have been receiving suspicious links from friends whom they confirmed they never sent. After receiving yet another one yesterday, I made up my mind to research on this seemingly serious issue.
All messages received seem to have a suffix
.info in it. A possible message is as below:
Party Pics..
http://[your friend email address before @ sign].ther1ng.info
Messages may be even simpler with nothing but the link like below:
http://checkdiz.info
The messages may come in different variations. So far, the messages I received were from
ther1ng.info,
checkdiz.info,
checkout.the.fri3ndp1x.info, and
imagequick.info.
A quick navigation to
http://imagequick.info brings me to the below page.
The page is promoted using the concept of
Social Networking. It attempts to trick MSN users to login and share photos with fellow friends. A quick scrutiny on the
Terms and Conditions seems to have told the entire story. I include the entire T&C below.
Terms of Use / Privacy Policy:By filling out this form, you authorize TST Management, Inc to spread the wordabout this 100% real and upcomming Messenger Community Site. You will receive your share of the credit in helping us spread the word. This is a harmlessCommunity site which is offering users a platform to meet each other for free.We do not share your private information with any third parties.By using our service/website you hereby fully authorize TST Management, Inc to send messagesof a commercial nature via Instant Messages and E-Mails on behalf of third parties via the informationyou provide us. This is not a "phishing" site that attempts to "trick" you into revealing personalinformation. Everything we do with your information is disclosed here. If you are under eighteen (18),you MUST obtain permission from a parent or guardian before using our website/service. This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED ORALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT,DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITEDTO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE. We may temporarily access your MSN account to do a combinationof the following:1. Send Instant Messages to your friends promoting this site.2. Introduce new entertaining sites to your friends via Instant Messages.This is a free service. You will not be asked to pay at any time.You will not be subscribed to anything asking for payment.This service is made possible by many hours of human effort.TST Management, Inc reserves the right to change the terms of use / privacy policyat any time without notice. To view the latest version of this privacy policy,simply bookmark this page for future reference.You understand that this agreement shall prevail if there is any conflict between thisagreement and the terms of use you accepted when you signed up with MSN. You alsounderstand that by temporarily accessing your msn account, TST Management, Incis NOT agreeing to MSN's terms of use and therefore not bound by them. This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.If any provision of this agreement is held to be invalid, illegal or unenforceablefor any reason, such invalidity, illegality or unenforceability shall not effect anyother provisions of this agreement, and this agreement shall be construed as ifsuch invalid, illegal or unenforceable provision had not been contained herein.Copyright 2008 TST Management, IncIn summary, the website is managed by
TST Management and they are not affiliated to Microsoft. By logging into the interface provided using your MSN account, you deemed to have agreed to their T&C. They have made it clear who they are and how they will be using your username and password. In other words, they are not introducing virus, worms, trojan horses, nor they are a phising site.
The only solution to stop them from using your MSN credentials is to change your password immediately! To prevent similar incidents from happening, do not enter your account details on any other input interface other than the ones provided by Microsoft. This is applicable to other user accounts.
