This is cache of http://blogs.technet.com/steriley/archive/2008/01/07/faxbox-the-latest-in-password-scams.aspx. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
FaxBox: the latest in password scams
2008-01-07 18:09:34 by Steve Riley in Steve Riley on Security
 

Looks like spammers have found yet another way to worm (ha ha) themselves into the computers of the unsuspecting. In my junk email folder this morning, I saw this message:

From: Question It [mailto:question_it@fanboxapps.com]
Sent: Monday, January 07, 2008 2:34
To: Steve Riley
Subject: Ratul has asked you a question on FanBox

<http://ai.hitbox.com/ai?hb=DM550726CGWB&ai=EMC-FBX_Questionit_sync>

Ratul asked you a question. View the question <http://www.sms.ac/WidgetAPI/Service.ashx?version=1&Method=GoToMyWidget&FROMeUid=4ZIFG1mO1m6PfQKo06SrHw==&eWid=KO7kd3aLplJrKkBpaarhhg==&AssocData=+kt0NC6UaHnnVtU7bTsqPw==&source=ViralWidgetEmail&encemail=mygm7I2EtPGYgkjfT5Bu/3oQesFPnbnqWXKIA33YOI0=&mlid=590803540> and answer it.

FanBox.com is the web-based desktop that instantly turns every computer into your computer. It includes over 10,000 web applications and games to choose from, including the Question It application.

This email was sent by Ratul while using the Question It application on FanBox. Go here <http://profile.fanbox.com/preferences/EmailBlock.aspx> to learn more or stop receiving emails from friends using Question It. FanBox: 255 G Street #723, San Diego, CA 92101, USA

<http://www.sms.ac/WidgetAPI/Service.ashx?method=OpenEmail&FROMeUid=4ZIFG1mO1m6PfQKo06SrHw==&eWid=KO7kd3aLplJrKkBpaarhhg==&encemail=mygm7I2EtPGYgkjfT5Bu/3oQesFPnbnqWXKIA33YOI0=&mlid=590803540>

For most of the well-known marketing profiling--oops, I mean social networking--sites, I've enrolled my email addresses in their opt-out mechanisms (I simply don't care about LinkedIn, Plaxo, Facebook, MySpace, and so on). But this one seemed suspicious. I don't know anyone named Ratul, and everyone who wants to ask me questions certainly knows my email address. It raised my bullshit detector.

So after a bit of foraging I found this: http://spamhuntress.com/2007/12/15/smsac-turns-into-fanbox/. Seems like the company running FaxBox got in trouble for doing this crap once before. Funny, isn't it, how you can just change your name and suddenly all your past sins evaporate! Well, not on the Internet, apparently. Your past sins can and do come back to haunt you.

When you sign up for FaxBox, they ask for your permission to email everyone in your address book (FanBox knows how to talk to most webmail systems). To do this, of course, FanBox needs your password. Most people, sigh, willingly supply their passwords to any seemingly innocuous service. We all know that these services really are vile disgusting filth, the very embodiment of whatever nefarious supreme being you now strongly wish would unleash itself on FaxBox and their ilk.

So in this case, I'm certainly not going to click on the link to stop receiving more emails. Rather, I'll put fanbox.com, fanboxapps.com, and while I'm at it, sms.ac in my blocked senders list. I recommend you do the same, and get the word out to your friends, too. FanBox--and anyone else who asks for your password--is evil, eeeeeevil I say.

 
Tags: email, question itfanboxapps, email address, question, fanbox, junk email folder, faxbox, ratul, named ratul
 
 
 
 
 
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia