I was sent a link on my MSN from one of my chat contacts that had my MSN ID included in the url and I'm trying to figure out how this scam works...

The site is imglists.com and all that's on the front is CPA offer that rotates.

The link I was sent looked like this...

hXXp://yourmsnhandle.imglists.com

It's a landing page that has a login and at the top it says "Pics For MSN Friends" and you're supposed to use your MSN password to gain access.

My friend said he didn't send anything, but he got a similar link from one of his contacts with his MSN ID included...and he logged in thinking it was real.

So what's happening here behind the scenes? Does it steal your password and contact your friends from the server or does it infect your computer somehow and send to all your friends?

How does it make money?

lol.
it doesn't steal your password, it relies on you to enter it. if you're dumb enough to enter it , it probably logs in with your msn ID to the chat servers and spams your contacts.. since msn ids = hotmail/msn addresses, there's lots of reasons for them to grab it. they could be spamming, they could be harvesting contact emails to spam, or they could be looking for all kinds of infoz.

There's a similar one doing the rounds on Facebook at the moment. It's hosted on imagehost as an swf which redirects to a fake Facebook looking URL. Here's the link.

http://img232.imageshack.us/img232/909/fbdr4.swf

I quite admired this one, as it's super viral. Once they get your details, by being an idiot and entering login details, it logs into your account and posts a message to all your friends saying, "I just found this blog with some really horrible pictures about you. You gotta check this out." then it shows the above link.

The rest is self explanatory.

__________________

PA Hire Swindon

why not report that to imageshack? heh.