This morning, one of the contacts on my Windows Live Messenger list appeared to be online and sent me a link that looked like this: [myusername].historyshotz.com. What caught my eye was the fact that my actual username was in the link, and then upon clicking the link, Firefox let me know that the site was reported as web forgery. Knowing the link came from a friend, I was curious, so I started to look into it. As it turns out, their account had been compromised, and what I would have seen, had Firefox not stopped me from following the link, were boxes to enter my MSN email credentials.





The domain, historyshotz.com, was registered just yesterday (they are based in Panama City, Panama according to Whois.net) and they attempt to retrieve your credentials by telling you to log in to see a photo from the person who sent you the message. Those who fall for it authorize some company called TST Management to “send messages of a commercial nature via Instant Messages and emails on behalf of third parties via the information you provide us.” That line comes from their Terms of Use/Privacy Policy, where they also claim that they aren’t a phishing site that attempts to trick you into revealing your information. Riiiight. They say that, right before they talk about accessing your account to send messages to your friends to promote the site, and introduce them to “new entertaining sites.”

What we are trying to get at is this: if you happen to receive a link from a contact on your MSN/Windows Live Messenger list that looks like [yourusername].historyshotz.com (with your actual username appearing in the link), do not follow it and do not enter your credentials. We don’t care that they claim their intentions are good; they can’t be, not with the way they attempt to get your credentials in the first place, followed by the spamming they do. Oh, and that spamming, they say the user will be liable for:

“ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.”

If you happen to get the link from a friend, be sure to let them know that their account has been compromised and to change their password immediately.
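
The tell-tale sign described above, the recipient's own username used as the subdomain of the link, can be checked mechanically, for example in a message filter. This is an added example, not code from the original post; the function names, the sample account `jdoe@example.test` and the shortcut of treating the last two hostname labels as the registered domain are assumptions.

```python
import re
from urllib.parse import urlsplit

# Matches explicit URLs and bare hostnames such as "alice.example.test/photo".
LINK_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9_-]+\.)+[a-z]{2,}(?::\d+)?(?:/\S*)?", re.IGNORECASE)


def username_variants(account: str) -> set[str]:
    """Forms of the recipient's account name a lure might embed in a hostname."""
    local = account.split("@", 1)[0].lower()
    # Senders may keep the name as-is, strip separators, or swap them for '-'.
    return {local, re.sub(r"[._+]", "", local), re.sub(r"[._+]", "-", local)}


def personalized_links(message: str, recipient: str) -> list[str]:
    """Return hostnames in `message` whose subdomain is the recipient's username."""
    variants = username_variants(recipient)
    hits = []
    for match in LINK_RE.finditer(message):
        raw = match.group(0)
        url = raw if "://" in raw else "http://" + raw
        host = (urlsplit(url).hostname or "").rstrip(".")
        # Assumption: the last two labels are the registered domain. Suffixes
        # such as co.uk need a public suffix list instead of this shortcut.
        sub_labels = host.split(".")[:-2]
        if ".".join(sub_labels) in variants or any(l in variants for l in sub_labels):
            hits.append(host)
    return hits


if __name__ == "__main__":
    # Constructed sample messages; only the domain comes from the post above.
    samples = [
        "hey check this out jdoe.historyshotz.com :)",
        "photos from the trip: http://www.example.org/album",
    ]
    for text in samples:
        flagged = personalized_links(text, "jdoe@example.test")
        print("SUSPICIOUS" if flagged else "ok", flagged, "<-", text)
```

A hit is a reason to hold the message and confirm with the sender through another channel, since the link arrives from a compromised account that the recipient already trusts.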

What was reassuring for us was the fact that Firefox already identified the site as web forgery, just one day after the domain was registered. Yay for Firefox!