For the past few months I've been getting the occasional spam message from various friends of mine on MSN.

Generally the spam consists of a single link from a friend, who then promptly signs off again. The links generally look something like "myfriendsname.b1ing.info".

At first I figured they'd just caught a virus, but then when I started to get spam from Mac users I became more sceptical. Just now I visited one of those pages, to see what was up. There I was greeted by a login page which wanted my MSN username and my MSN password, supposedly so I could access "pics for MSN friends v1.1c".

Interestingly enough, when I scrolled down the page and read their "Terms and Conditions", I found these little gems:

By using our service/website you hereby fully authorize TST Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us.

And...

We may temporarily access your MSN account to do a combination of the following: 1. Send Instant Messages to your friends promoting this site. 2. Introduce new entertaining sites to your friends via Instant Messages.

Cute!

In plain English, what this means is they're going to use your MSN account to spam your friends. It is refreshingly honest of them to tell you so up-front, but they know most people wont read the T&Cs and are really just covering their asses to avoid lawsuits.

Giving these dorks your account details also means that your MSN access will become less reliable: every time their system connects to send spam to your friends, you will be disconnected.

Finally, if you happen to use Hotmail for e-mail as well, you've just given them full access to all your mail, so they could spy on you or use that account to send e-mail spam.

My recommendation: if you have fallen for this trick, just change your MSN password. That should make the problem go away.

Please, do it now! Until you do, I'll keep getting spam from these guys. Unless I block you or remove you from my buddy list...

...

In general, I recommend that people never, ever, ever, type in any of their passwords on untrusted web-sites online. The very fact that a site requests such data should set off warning bells and make you immediately suspect they're up to no good.

99% of the time, you'd be absolutely right.