I just received a rather strange message from a friend on my MSN contact list. Naturally I was suspicious about any messages containing a misspelled .info domain and it seems my suspicions were correct about this one.
The site in question is pooop.info. You visit that site and enter your details at your own risk, although I highly advise that you do not enter your MSN account details anywhere except the Windows Live Messenger sign-in window.
The message I received looked something like this:
PARTY PARTY PARTY
http://[your friend's email account (the part before the @)].pics.pooop.info
The message other users are receiving may vary, so be vigilant.
So what’s the premise of this latest scam? A user basically voluntarily enters their MSN account details (email AND password) on the proviso they’re going to see their friend’s photos. The site is employing the tactic of a social networking site - sign-up to see your friend’s photos and it seems to be working. What most users don’t realise is that the fine print is spelled out clearly in their terms and conditions - which are linked in perfect sight above the sign-in box on the pooop.info website. Here’s the interesting part, their Terms & Conditions:
By filling out this form, you authorize TST Management, Inc to spread the word
about this 100% real and upcomming Messenger Community Site.
You will receive your share of the credit in helping us spread the word. This is a harmless
Community site which is offering users a platform to meet each other for free.We do not share your private information with any third parties.
By using our service/website you hereby fully authorize TST Management, Inc to send messages
of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information
you provide us. This is not a “phishing” site that attempts to “trick” you into revealing personal
information. Everything we do with your information is disclosed here. If you are under eighteen (18),
you MUST obtain permission from a parent or guardian before using our website/service.This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).
ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR
ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT,
DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED
TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.This is a free service. You will not be asked to pay at any time.
You will not be subscribed to anything asking for payment.
This service is made possible by many hours of human effort.Messenger Profiles, Inc reserves the right to change the terms of use / privacy policy
at any time without notice. To view the latest version of this privacy policy,
simply bookmark this page for future reference.You understand that this agreement shall prevail if there is any conflict between this
agreement and the terms of use you accepted when you signed up with MSN. You also
understand that by temporarily accessing your msn account, Messenger Profiles, Inc
is NOT agreeing to MSN’s terms of use and therefore not bound by them.This agreement shall be construed and governed by the law of the Republic of Panama.
You expressly consent to the exclusive venue and personal
jurisdiction of the courts located in the Republic of Panama
for any actions arising from or relating to this agreement.Copyright 2008 TST Management, Inc
I bolded the interesting part - your account may be accessed to spread the word - I believe it should say ‘your account WILL be accessed’ because that’s exactly what’s happening. You may also notice that the T&Cs are governed by the laws of Panama. I’m pretty sure I wouldn’t give my MSN login details to anyone, especially a site in Panama. But alas, here’s where it gets even more interesting. A whois of the site
reveals the site is actually owned by a group in Hong Kong called Blue China Group, Ltd.
I wanted to see if the site was actually real in it’s claims, so I signed up for a dummy hotmail account… I entered the account details perfectly and what do you know? ‘Login failed’. Where are the photos I was promised? It seems that they’re just harvesting more and more email accounts that most likely be used for spam. They say they’re not a phishing site, and technically they aren’t because the Terms & Conditions plainly state your account will be accessed by TST management (there’s another discrepancy in the company’s details. What ever happened to Panama and the Blue China Group?) but I wish people would just be more careful about what they do with their information.
So spread the word to your friends not to give out their sign-in information to ANYONE, especially pooop.info. Halt the spread of this site and hopefully stop the potentially tens of thousands spam emails that will result from it.
Update: The obvious solution to this problem seems to be to change your account’s password. It seems this harvesting scam is starting to snowball, so be vigilant. Just to reiterate, don’t EVER give out your MSN account’s password. SEE UPDATE #3 BELOW
Update #2: Thanks to the comment of a reader known as ‘d’, another website, srys.info, has been uncovered which is run by the same group of shameless scammers. A whois of the domain yields the same results as the whois of pooop.info. Thanks d!
Update #3: After reading around on the internet, some say this problem is actually a virus (probably a remade version of the ‘Should I put this picture of us on MySpace?’ and then your friend would send you a .zip file). I don’t think it’s a virus at all but I will try to find out. For now, stay vigilant and remind your friends to read this article if they are affected by the problem.
Update #4 (March 26): This article has gotten quite a bit of attention around the internet, including a news story on mess.be. Just an update on the list of sites that you may be linked to include:
rkntbp.info, vnxpkf.info, yzxvsn.info, jcyhzr.info, vnxpkf.info, xrsnbt.info, dytgms.info, qpcbkt.info, yqbzfj.info, yxwzmq.info, psnkcq.info, sxwmkr.info, tqxycj.info, wcmbsj.info, rhqwcp.info, qmnfct.info, rsbkdg.info, zjdgxq.info, mxbpkr.info, xjctsp.info, rhqwcp.info, mgtwdn.info, kfytsj.info, dsbpzg.info, gmnzby.info, dbnyzc.info, jcyhzr.info, dsbpzg.info, dbnyzc.info, bzjnxd.info, zjdgxq.info, qvsgwy.info, cdystp.info, hmybqw.info, yvmjzc.info, vmytks.info, nhcswv.info, ztmrcj.info, wkfbmt.info, fvkgcz.info, zcxrjb.info, jtyqkv.info, xhzsrg.info, hqnxmv.info, srbgxz.info, pghzvq.info, bgpmwr.info, ndkzcy.info, tpyhzx.info, etc…
It seems that most of the info domains now use skaq.info as the main site and are simply just ‘mirroring’ skaq.info (it is the same site just under a different domain). Continue to be wary of such sites.
Update #5 (April 24): So here I am again updating this article because the face of the threat has changed, yet again, in an attempt to trick more users. It seems they’ve started to use more logical domains (as reported by users in the comments) such as imagehosters.info and friendpixer.com. I believe this will catch more users out, so once again I reiterate DO NOT ENTER YOUR ACCOUNT DETAILS ANYWHERE OTHER THAN YOUR MSN CLIENT. I appreciate your updates in the comments on the different sites, etc. Keep them coming! Note some comments are being pushed into the moderation queue as spam - don’t worry, I check these and get them approved as quickly as possible. There is no need to resubmit your comment.
Help to spread the word by Digging this story.
i got a very similar message from a friend of mine, and i’m ever-suspicious of any random website like this that asks that i enter the same username and password that i use for another service. it didn’t direct me to pooop.info, but srys.info instead. same format, with the friend’s username in the url. same page with a login screen and the TST Terms & Conditions.
my friends are not unintelligent, but they are, perhaps, gullible. apparently that goes for quite few people out there–sad, but true.
Thanks for the info, d! The post has been updated accordingly.
[quote comment=""][...] see. …The Unavoidable Obsession with Hillary Clinton&39s Dead End BuzzFlashblog.washingtonpost.comLatest MSN scam records usernames and passwords for spam I just received a rather strange message from a friend on my MSN contact list. Naturally I was [...][/quote]
[quote comment="23324"]i got a very similar message from a friend of mine, and i’m ever-suspicious of any random website like this that asks that i enter the same username and password that i use for another service. it didn’t direct me to pooop.info, but srys.info instead. same format, with the friend’s username in the url. same page with a login screen and the TST Terms & Conditions.
my friends are not unintelligent, but they are, perhaps, gullible. apparently that goes for quite few people out there–sad, but true.[/quote]
well, i got that just a day ago and changed my password and everything is fine for now
i guess the website is down as the message “403 - timeout” is displayed after i click on the link myself
update on another.
flst.info that surfaced on my friend’s MSN.
have searched the domain and is exactly the same as srys.info and pooop.info
another one.
flst.info
domain is same as srys.info and pooop.info
yeah
http://bulkbul.info/ is another one.
Same goes here with bulkbul.info.
Actually this seems to be spreading in Estonia, and is out since St Valentine:
http://morkiel.wordpress.com/2008/02/14/msn-msn-msn/
There it was a link to
http://misiganesnimi.partypicx.info/
It’s not only “TST Management, Inc” - but also “MessengerProfiles, Inc”.
The domains are secured with Whoisguard. Check
http://www.afilias.info/cgi-bin/whois.cgi with bulkbul.info:
Domain Name: BULKBUL.INFO
Created On: 27-Mar-2007 11:11:07 UTC
Last Updated On: 26-May-2007 20:42:28 UTC
Expiration Date: 27-Mar-2008 11:11:07 UTC
Sponsoring Registrar: eNom, Inc. (R126-LRMS)
Status: OK
Registrant ID: 3B6F183DBD6DB9DD
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard
Registrant Street1: 8939 S. Sepulveda Blvd. #110 -
Registrant Street2: 732
Registrant Street3:
Registrant City: Westchester
Registrant State/Province: CA
Registrant Postal Code: 90045
Registrant Country: US
Registrant Phone: 1.6613102107
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: 3d77f55b452e4b8d852cf442c7604701.protect@whoisguard.com
Just change your password in MSN/hotmail and you should be fine. You might also want to warn your contacts.
Add http://www.bulkbul.info/ to the list…
/Joakim
Seems *.pics.skaq.info has the same site on it.
Just received a MSN message with a link to this site and thought i’d research the company name on Google and found this site.
[quote comment=""][...] Seems this particular blog has noticed a similar phishing attempt by the same individual(s) using more than one domain:Forged Euphoria - Latest MSN scam [...][/quote]
Same problem here but with a http://username.pics.skaq.info site.
http://www.enstaneette.com/ <— That’s one that is spreading rapidly in Finland. Asks for your messenger credentials and if you input them, you get a virus and it starts linking the site to all your contacts.
[quote comment=""][...] Seems this particular blog has noticed a similar phishing attempt by the same individual(s) using more than one domain:Forged Euphoria - Latest MSN scam [...][/quote]
.pix.skaq.info
is another site
I’v got another one…. 03kem.info
just got the *.03kem.info link also and the contact doesn’t know how they got her login info.
i got it too from my gf
except its “images.05b7b.info/”
i almost entered in my details cause it was from my gf but i was like wtf this doesnt seem right haha so lucky i didnt =]
I never signed up for anything/clicked on anything and I have this problem (my msn sends out the link).
I don’t know how that happened but it has.
[quote comment="23749"]I never signed up for anything/clicked on anything and I have this problem (my msn sends out the link).
I don’t know how that happened but it has.[/quote]
There have been reports of this being a physical virus as well as people simply signing into your account. I suggest a full system scan with your antivirus software and changing your account’s password as an extra precaution.
I just got a message from a friend pointing to http://his username].profilepics.info
The address might look more legit than the randomly generated or misspelled ones, but is also owned by TST management, so watch out!
[quote comment=""][...] Seems this particular blog has noticed a similar phishing attempt by the same individual(s) using more than one domain:Forged Euphoria - Latest MSN scam [...][/quote]
What if you accidentally enter your information… and then quickly change the password right after it. And then the next day it doesn’t work. How is it possible? and most importantly… is there a way I can get my account back?
[quote comment="23830"]What if you accidentally enter your information… and then quickly change the password right after it. And then the next day it doesn’t work. How is it possible? and most importantly… is there a way I can get my account back?[/quote]
If you changed your password you should be right, but as for getting your account back because you forgot the password - it’s going to be pretty tough.
http://(friends name).friendpics.info/
I copped this one. Stupidly filled it in. Changed password immediately. Hope thats it.
Hello,
Just to update the list. Seems like they started registering more logical domains. The new one is picfriender.info.
It looks like they moved to Panama now. The whois is giving a Panama location, and the same location is used for the following domains:
http://www.localpics.info/
http://maxcomments.com/
Haven’t found more. The address they use is of a Panama law firm, and in the message they’re also stating something about ‘This agreement shall be construed and governed by the law of the Republic of Panama.’ Maybe they’re trying closer to home now, or they’re getting caught.
[quote comment=""][...] #2: It seems that this is not new, Aeriff wrote a blog post on this on March 15th. The only difference is the more logical domain name (picfriend.info vs. [...][/quote]
0ryh.info came to me today.
nooo there’s no way that I forgot the password that I changed it to. I wouldn’t use a password I’d never used before. It must have been changed while I was changing it also… =’[
Now also using c0olstuff.info
[quote comment=""][...] a misspelled .info domain and it seems my suspicions were correct about this one. … http://www.forgedeuphoria.com/blog/2008/03/latest-msn-scam-records-usernames-and-passwords-for-spam/ forgedeuphoria.com [...][/quote]
mine was 1c3q.info at the end, and of course I did not!
you can add this link to the list: http://jonigaloni.1fp9.info
http://.1ik5.info also…
this virus is so widespread now it’s unbelievable!
http://.1ik5.info also…[quote comment="24597"]http://.1ik5.info also…
this virus is so widespread now it’s unbelievable![/quote]
I got this from my friend too! Why are MSN users today so easy to believe any lie into giving typing the MSN password now. Got to warn others.
They are linking to ausername.friendpixer.com now.
I also got one from http://very.c00l-stuff.com/
Fairly different from .info ones. Bad sign !
Thanks for the article.
I wonder if we should report these sites in the phishing tool in firefox, as I did for the first link I received.
Just recieved an instant message on msn and it is simply a website address. friendpixer.com
But this has tst management terms and conditions. In the first lines of the terms and conditions it says “This is not a phishing scam.” The site asks for your msn email addy and password.
It seems that “they” have made it even more sophisticated - now containing the username of a hotmail account http://hotmail_username.friendpixer.com when sending…
[quote]They are linking to ausername.friendpixer.com now.[/quote]
also just received one.
imagehosters.info
[quote comment=""][...] read more | digg story [...][/quote]
[quote comment="24769"]imagehosters.info[/quote]
yep, me too
gotta try to catch these clowns
[quote comment=""][...] read more | digg story [...][/quote]
http://imagehosters.info/ to add to the list
contact who keeps sending me messages to “sign in here” etc pointing to above sites is now telling me ‘hii.. check out this.. http://real.amazing-stuff.info .. brb !!’
Your information is greatly appreciated, everyone. Keep the tips coming.
msnname.myfriendz.info is another one….
Registrant Email: tstmanagement@gmail.com
Admin ID: a1c2f5cd1d7
Admin Name: Mark Bradley
Admin Organization: TST Management, Inc
Admin Street1: edificio Magna Corp - 5th Floo
Admin Street2:
Admin Street3:
Admin City: PANAMA
Admin State/Province: PANAMA
Admin Postal Code: 0000
Admin Country: PA
Admin Phone: 507.2021577
Hi,
One of my friends received a message via MSN messenger telling to visit http://teh_sa.friendpixer.com/. She provided her IM account and its password few days later when she realized what it was. Is it just the IM account and password harvester?
I am curious, because she sometime notified her account had been signed on when she signed on. She worries her message box is peeped and malicious use of her documents.
http://xxxxxxxx.real.awesome-stuff.info
A friend of mine also got one “http://xxxxxxxx.real.awesome-stuff.info”
I told her to change pw and to warn the other contacts..
Still, I looked around for a solution and found this: http://www.bleepingcomputer.com/forums/topic143796.html but I’m not sure if it’s a solution or if it’s all set up from the same one that spreaded this thing.
@Gabe: I don’t think that file is a fix at all - no files were installed nor downloaded, only your password shared so it can’t be Malware. I think the process that was outlined on that forum was to get rid of the Malware that has been spreading like wildfire lately where the contact sends a zipped file claiming it to be a picture with a message like: ‘Do you mind if I put this picture of us on Myspace?’
Just got a message from my girlfriend who was offline.
The url was next (username).this.are.the.fri3ndp1x.info
Alarm straight away. As I knew that she is not online. Due to a customer meeting at work.
got this one from a friend .was.found.by.fri3ndp1x.info
I asumed the problem was in her computer(?) so i advised her to warn her contacts, change password, run antivirus and antispyware. Anything else?
http://emailaddress.haha.they.have.taken.ph0t0s.info is what I got.
Got a message from a site not mentioned here: http://xxxxxx.haha.they.have.taken.ph0t0s.info/
It have the same Terms of Use / Privacy Policy from TST Management.
here’s one more: awes0me.info
also owned by TST Management Inc.
just got that link on my MSN
http://ch33se.info/indexxx.php
Add http://www.p4rtyp1cs.com to the list…
I got a similar message linking to [name_from_email].b00m.info. Checked the whois for b00m.info, owned by the same “TST Management, Inc”. Thought you might wanna add it to your list.
meetp0int.info is also another mirror now
You can add checkdiz.info to the list of sites “run” by TST Management and Blue China Group.
my friend got it, it sent me hisUsername.snapsh0t.info
does any one know how to remove it?
thanks
Hi,
Nice article. I believe TST Management are registering their domains with Enom. You could use eNoms report abuse form to report them http://www.enom.com/help/abusepolicy.aspx.
Regards,
PGJ
Anothher site is *randomword (for mine it was my friends name)*.ther1ng.info
http://lefety.b0unce.info
Add it to your list?
Here’s another latest one i hope so … got it from my friend and as i thought same scamming technique like “whoblockyou”
here’s the address:
http://(myfriend’saccount).flatl1ne.info/
There is a scam that has .jumphost.info I guess. It is their way of
doing these scams.
Nasty.
Funmobile is another company to look out for. Nasty too. In short if you enter a pin (after entering your sms number) they charge the cell phone bill 6-7 USD A WEEK!!! So…they will scam you (our children) for 28 USD until the next bill…
The site is alwayse changing.
It is now jumphost.info.
New dns: freakpics.info
Ciao =)
[email].h0t-pics.info
another one! Jesus christ thank god I did a whois on the domain because I got suspecious. 2 google searches and I get here.
Remember people, don’t click weird links
http://www.picmarker.info is another one of these “TST sites” …. it got me and my girlfriend… changed all our passwords… hopefully it was fast enough.
The same here goes for the imgcheck.info domain…
just got sent a link to loadpics.info…
“tst management” like the others
I keep getting a message from a friend of mine when he is offline with the same terms and conditions asking for login details, At first I thought it was a web chat as I thought he may have been having problems with his MSN. Thankfully I took a closer look because I thought it looked so fake and didn’t end up entering any details as I’m usually quite careful when it comes to stuff like this. The URL was imgchecker.info All I can say is be careful people.
Danos Out….
just got sent a link to http://email.y0urpic.info/
and again “tst management” like the others
I got one from my boyfriend and I knew right away it was not good..
it is http://username.image-banana.info
I just asked him to change his password info … hope that works..
Another http://(Any kind of random name here).imagegallerys.info/
Anyone want to come with me to Panama to destroy their servers?
Great article, but one question remains, how to remove it???
@Chayolle: Just change your account’s password. As I said in the article, nothing is installed on your computer.
Thanks for the post, I got the exactly same kind of link sent to me, only the name is different: this time it is imagecherry.info
username.imagequick.info
was the one I got sent tonight
Also owned by TST. They’re rife!
A new one:
imagekick.info/
Alas this one got me, but I realized what it was about the time I clicked login *smacks forehead I changed my password instantly and hopefully it didn’t send to all of my contacts U.U
Another URL for the list .imageh0sting.info
Another one: imageloco.info
Whois shows it is owned by TST Management
http://aidison3694.imagealina.info
i got one from imagepenguin.info
hosthdd.info is also a site you’d want to steer clear of. I mean, a friendwhom I’ve never talked to on MSN sent me this. Go figure.
Same junk at hostapic.info and get-that-stuff.info
Here’s a log of mine: I edited the names:
Messenger Plus! Chat Log
Session Start: 09 July 2008
* Me (me@domain.com)
* friend_name@hotmail.com (friend_name@hotmail.com)
(22:08) friend_name@hotmail.com: http://friend_name.holyimage.info
http://get-that-stuff.info
(22:12) friend_name@hotmail.com: http://friend_name.imagefrosty.info
http://get-that-stuff.info
I wasn’t gullible enough to fool for it. Found this site on Google so thought I’d post these.
I reported four of them to the registrars, MSN and yahoo. (hostapic.info, imagefrosty.info, get-that-stuff.info, and imagegallerys.info)
The results of my reporting are available here: http://erroraccessdenied.com/node/1635
just got one of thes thru my girlfriendsw contact know shes at work so ive signed in on an old messenger account and blocked all the old contact list, then entered my password and old email when i sign bk into messenger will the contacts be unblocked? i take it this is done by a software program and not manually? my contacts were still blocked hence they cant send an im!
add disco-fevers.com to the list.
.disco-fevers.com is another one of these websites incase it has not been mentioned.
The website is owned by the TST group (apparently).
This is a clever website as the domain (with the recipitents email) is only made at the time the message is sent via an instant message. Therefore putting random crap in this section will register as a site error.
eg of situation
Victem@domain.com “sends” the message to Bogus@domain.com
in this case the link sent will be bogus.disco-fevers.com
Could be worth adding as this is clearly going around.
Another one:
username.findthatt.com
The latest scam site is http://www.imgers.com/
I reported this to US-CERT.
Please submit reports about phishing sites to phishing-report@us-cert.gov
One of my friend keep sending me a link while she is offline. (computer off, perhaps)
http://xxxx(my ID).disco-fevers.com/
I was really annoyed by that, and then I went to Mozilla.org to report the site as forgery website.
After that, I thought I might be able to do more about it, so, I went to FBI website and reported this website, and gave them the information I’ve collected about the site. (whois)
As I checked today, when I use firefox (mozilla product), the site was marked as forgery. Then, I use IE to check this site, and the screen show the site is no longer exist.
I think everyone should do whatever possible to eliminate those rats.
(ps. that website is hosted by a U.S. company)
Another one: catchedyou.com
Another domain
username.youphotoz.com
.torrocheck.com, same TST Mgmt company in whois
Well they just hit our messengers at work and the most recent site is below:
Most recent site is http://wwww.imgchecka.com
Sadly, it uses your first and last name (on mine) so it looks legitimate until I googled it.
Thanks for the heads up.
all you need to do is change your password and your all sorted again!!!
I got it today
Maybe it’s enough to change password, but it also insert a Trojan to the system.
TROJ_SHUTDOWN.BG
The Trojan close down your MSN connection, and you get a message that you are logged one at an other machine.
hey thx 4 the heads up
I use msn mobile and i was logged on with my girlfriend
Next to me.suddenly i got a instant message from her
and she was next to me. Same thing as before…
It was http://*my user name es. John*.torrocheck.com/
Lets beat those wankas!
Mine was .sh0tz.com
if you also go to http://www.sh0tz.com it take you to the same page…
I just got one for http://friendlypixx.com/ today.
another domain: username.whosthatt.com
I got one for http://www.CrazyThingx.com. I did not do a whois, but I bet it’s the same guys.
i have got one from my fiend,http://june.11.thatzyou.com/
just like a foolish man, now i have changed my passwords. i don’t know what will happend.
Ive had several of these today.
Thought i had better share the last two
http://is-dat-u.com/
http://is-thatt-you.com/
It came to me on MSN Messenger with e.g karl.is-dat-u.com, karl.is-thatt-you.com
Both the same as mentioned above.
Same company!
Cheers
Hi,
I was googling around for more info about that obvious scam (I like the Terms and Conditions though, pretty honest), and found your blog. Add this one to the list:
.is-thatt-you.com/
This one was sent by a friend of mine, with *my* username in the address, I don’t know if it’s always like that?
ok have also recived a message but only it is coming from my mom lol yea i kno but still we both use the same computer but it only happens from her acc. and the message reads as this ((coinz87.myfriendsz.com/))) so what it is doing this time is taking who’s ever e-mail and using it right in the message just thought i would let ppl kno and hey thanks for the website
Hi.
Found this artlice after receiving a strange link from a friend.
The link was http://msn-name.picfriendz.com:81
Just thought id let you know.
Michael.
I got this from a friend: xyz.imgfriendz.com where xyz is my msn-username, also by TST Management.
Our company got hit with this today. What a mess! Pay attention to any message boxes from Messenger telling you that you are signed in to another computer. Change your MSN password ASAP!
Just receved a message from a offline contact: peter.imguser.com.
I clicked the link, and created a new msn called AntiMsnHacker@live.dk
I tried to log in with my new email and password but it failed. Or did it.
I didn’t log of MSN that day and nect morning i was offline…
I did a whois on imguser.com and the owner of it is also TST Management.
Later same day i wrote an email to tstmanagement@ymail.com and support@NameCheap.com
Not because i think it would help, im just so tired of receving those messages form my stupid friends HEHE..
summarypic.com
tst management, as usual
someone needs to stamp that guy out. and perhaps MSN live can block his IPs, he has to be
signing in to hundreds of gullible accounts to send this dreck.
Just reported another one of their sites to Microsoft’s piracy address (ok, so it’s not really piracy, but I couldn’t find an address for reporting phishing): yourpiczz.com
I fell for it the first time, stupidly, then quickly changed my password so they couldn’t spam my contacts.
There’s a new domain picslists.com Usually sent as: http://receivernickname.piclists.com
http:(usernamepicthanks.com or something similar - keeps coming from a couple friends of mine with my username in it!
Ever since the msg, my antivirus has detected a trojan and my ebay account was hijacked! BEWARE!! I HAD TO PROVE MYSELF TO EBAY to get my account back and have now changed every single password for every site I may have accessed since getting the message.
p.s. I have NEVER in over 15years of internet and downloading had a virus, worm or otherwise.
PLEASE BE VERY AWARE AND CHANGE PASSWORDS, CHECK ACCOUNTS ETC AND RUN ALL VALID AND LEGIT ANTI SPYWARE/ ANTI VIRUS AND SO ON
I got some trojan/ agent found on my lappie
Hope no one else has had this problem!
btw, if u do find any trojans or such like, there is great help on the majorgeeks.com website
right, off to kill off this trojan! wish me luck
just got a msn from someone from Wayn.com he just left a link never said anything else and when u click on, it say login with r msn email and password.. i read the terms inconditions and got a chill up my spin…. so i just googled tst management and got this site…. thankgod.