Home » Blogs » [BlakJak's Blog]

Hi5? Oh god not another one.

Submitted by BlakJak on Mon, 08/08/2005 - 00:18.
Tags:

Got some spam care of a friend of mine (ok, an olllld friend who I last corresponded with via email after she found me on oldfriends.co.nz) who's invited me to join "Hi5".

Another Social Virus. Orkut was one that I joined, and admittedly, whilst interesting to look at every now and then i'm not exactly a fan.

I use Oldfriends - but it somehow inspires some faith. Its also run by a reputable, local company - the Trademe group.

Hi5 - well, I had my doubts.
So I did a quick google.

NetworkSecurityArchive.org had an interesting link. Heres the bit that inspired me to post:

In the past few weeks, I have received a few messages from people that
I know, asking me to join their "network of friends" on such sites as
Ringo, Hi5 and Bebo. From what I understand, these sites offer you to
hold your address book for you. The idea is that each member keeps his
own contact info up to date, effectively keeping your own address book
up to date.
I also saw one such invitation (for Ringo) sent to a mailing list (and
the sender getting flamed for it shortly afterwards)

In one case, out of curiosity, I clicked on the link provided (it was
from hi5). The several-step form asked me for personal information
that I did not want to provide, including the *password* for the
Hotmail address I had provided !
The reason why hi5 wanted my Hotmail password was to "automatically
import my entire Hotmail address book to my hi5 account.
That's where my curiosity reached its limit: I did not go any further.

The person who initially sent me that invitation later told me that he
had received the same invitation himself, had joined the hi5 network,
and that hi5 then sent invitations to his entire address book without
him even realizing it.
I then thought that the guy who sent the Ringo invitation to the
mailing list perhaps sent it unvoluntarily as well.

What I'm getting at is, if these invitations "to join the network"
really are sent without the members' consent (or knowledge), they
share a lot of similarities with email-bornes viruses. They would be
viruses without a malicious payload (except for the flames you get
from spamming your entire address book, and the fact that you hand out
your Hotmail/Yahoo email password to a third party website).
This would then be like a virus that doesn't even require you to write
a line of code: all you need is to invite a few people to "join the
network", and let the website do the rest.

Automatically spams your address book.
ASKS FOR YOUR PASSWORDS FOR THIRD PARTY SERVICES!.

That immediately turns me off. Steer clear of anything that advertises itself like this. Shades of sms.ac!

Other hits included ryanschultz.com:

I got an invitation from a known in-real-life friend, to join something called the hi5 network (hi5.com). During the sign-up process, it listed three other friends who also had become members already, and asked me if I wanted to send them messages to link to them as well.

I stupidly said yes, and then, discovered to my horror, as vacation messages from work colleagues bounced back, that hi5.com had gone and sent marketing spam to EVERY SINGLE PERSON IN MY GMAIL ADDRESS BOOK. This, in spite of TWICE telling me that it wouldn't do that. God am I naive for falling for this.

That's dirty pool. And I plan to exact my revenge by telling EVERYBODY who cares to listen what a racket you are pulling, hi5. I cannot believe I was stupid enough to fall for a trick like this. Just goes to show that anyone can be snookered sometimes.

Scary stuff. STAY AWAY FROM Hi5. Its just Not Worth the Risk.