Have you ever had a friend send you a link via Instant Messenger that looks similar to this?
http://www.geocities.com/`some_user_name`/`some_filename`.html
This link actually works, you can visit it, but whatever you do, DO NOT ATTEMPT TO LOG IN!!!
Here’s a quick rundown of the scenario. You get the link, figure that “Hey, friend sent it, so it must be legitimate.” You visit it, oh it’s a photo album, fine you need to log-in to view it. Luckily you’re a Yahoo subscriber so you don’t need to register. You log-in… nothing happens, you’re redirected to the same page. You figure it must be a server error and just dismiss the issue… only to find out that you too are sending the same messages without your knowledge.
This has been around for quite a while, but I never mentioned it because I assumed most internet users would have enough sense to put the link under scrutiny before actually putting in their information. Obviously given the rising number of “messages” I’m getting from people in my contacts, I’m guessing more and more are getting “infected.” Therefore I thought it would be worth mentioning now to all my friends who read this blog.
Technically I don’t think it’s an infection, as it isn’t really a virus. True that the more people who input their log-in information suddenly start sending the same dubious link from their own account… similar to those email viruses… but wouldn’t go as far as to call it that just yet.
As you know IM clients usually can allow you to login in to your account from different places. I’m not so sure about YM, but I would say it was possible that a program (in this case I’m considering it as a bot) simply stored your login-info, then automatically logged in to your IM account, therefore having access to your contact list (because most IM clients have their contacts stored in the server) then send the same link to everyone in it.
It certainly is viral in its concept, and it takes the same type of user error to be victimized, but there is no special removal tool to do it. As I mentioned, the bot simply logs in to your account, wether by existing, or custom/proprietary IM software to do the job. It still needs access to your account to do the “damage,” so if you changed your password, it can no longer use your account. But otherwise, it could be running without your knowledge…
So technically changing your password should solve it. Whoever has been victimized should do so immediately. You’re lucky; since the bot was just programmed to disseminate this link, I’m guessing it’s some type of email aggregator since YM accounts are directly linked to email addresses (for this particular method of “marketing” the link ensures the victims all have active email addresses). But again you’re lucky it ONLY does that. What if the coder was malicious enough to change your passwords (which he could), or worse; automates the process to be effective immediately?
So try to be smart about it. If you recall putting in your login info in such “sites,” then I advise that you change your passwords immediately. It would be for your own good, and the good of the others who are being sent these irritating messages from your accounts.
isn’t this what they call “phishing?”
Yeah I got this too (from Jem and Lin yata). I just disregarded it though. Seemed dodgy enough as it is that those two would send the exact same link in the same manner at almost the same time.
Yes, it could be considered phishing. However, as of the moment it lacks the malice of true phishing scams (which usually lead to credit fraud, or identity theft).
But as far as the aggregation is concerned, then I guess it can be considered as such 🙂