kotarski.co.uk

Home arrow Articles arrow Beware PICS FOR MSN FRIENDS Phishing Websites
Beware PICS FOR MSN FRIENDS Phishing Websites

I received an offline message from one of my MSN/Live Messenger contacts which looked distinctly odd. It consisted of a link and nothing else. Half an hour later another arrived from the same contact with a different website. However, it looked like the two sites were related.

As soon as I saw the first site I knew that it was a Phishing attempt. The big giveaway is that it asks for your MSN registered email address and MSN password to log in to the site. This is a big no-no and as the page was obviously nothing to do with Microsoft.

Image
PICS FOR MSN FRIENDS

Now I know that hardly anyone reads License agreements often known simply as EULAs (End User License Agreements) because they are hardly riveting at the best of times but they often give away what is really going on. The Terms of Use for this site are explicit in what it is going to do: Spam your MSN contacts. That is the short version. The long version is here (with the interesting bits highlighted):

Terms of Use / Privacy Policy:

By filling out this form, you authorize TST Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site. You will receive your share of the credit in helping us spread the word. This is a harmless Community site which is offering users a platform to meet each other for free.

We do not share your private information with any third parties. By using our service/website you hereby fully authorize TST Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us. This is not a "phishing" site that attempts to "trick" you into revealing personal information. Everything we do with your information is disclosed here. If you are under eighteen (18), you MUST obtain permission from a parent or guardian before using our website/service.

This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).

ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.

We may temporarily access your MSN account to do a combination of the following:

  1. Send Instant Messages to your friends promoting this site.
  2. Introduce new entertaining sites to your friends via Instant Messages.

This is a free service. You will not be asked to pay at any time. You will not be subscribed to anything asking for payment. This service is made possible by many hours of human effort.

TST Management, Inc reserves the right to change the terms of use / privacy policy at any time without notice. To view the latest version of this privacy policy, simply bookmark this page for future reference.

You understand that this agreement shall prevail if there is any conflict between this agreement and the terms of use you accepted when you signed up with MSN. You also understand that by temporarily accessing your msn account, TST Management, Inc is NOT agreeing to MSN's terms of use and therefore not bound by them.

This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.

If any provision of this agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability shall not effect any other provisions of this agreement, and this agreement shall be construed as if such invalid, illegal or unenforceable provision had not been contained herein.

Copyright 2008 TST Management, Inc

They are being completely open in their intentions, except that the text is rather hard to read:

  • To use your MSN login details to access your MSN account.
  • To send SPAM to your MSN contacts
  • If so doing violates the MSN terms of use they don’t care.

If you have made the mistake of giving your MSN details go straight to http://login.live.com and change your password.

Then email your contacts and tell them what has happened and ask them to change their passwords if they fell for the Phishing exercise.

There are several sites which have been reported:

name.picslists.com

name.imglists.com

name.imagealina.info

name.imageloko.info

There are others with the general form name.somedoamin.com or name.somedomain.info where name varies.

Some are already being reported as Phishing/Fraudulent websites by internet security suites. There will probably be others to replace the ones being blocked. It is quite clever using a variable sub-domain because while picslsist.com is already being blocked nick.picslists.com isn't being blocked as yet.

The moral of this is never give your login details from one website to another no matter how interesting it looks.

 

Trackback(0)
Comments (0)Add Comment

Write comment

busy
Last Updated ( Monday, 18 August 2008 )
 
Joomla Templates by JoomlaShack Joomla Templates by Compass Design
toxic-precision