I have a Formspring.me account. If you’re not familiar with it, Formspring is a Web site that you can use to receive anonymous questions from people, which you can then answer in a way that lets everyone read your answers.
It’s actually pretty cool. My Formspring account is here, and I kind of enjoy answering random questions from folks. If, y’know, there’s something you want to ask.
Anyway, a few days ago I got this message posted anonymously to my Formspring:
Hey, I am posting anonymous because I don’t want you to know who I am but I found a nude image of you online.You may have to login to see it, but here’s the link: nudeimagedatabase(DOT)t35(DOT)(DOT)com/nude_image_549(DOT)html replace all the (DOT) with .
Now, first thing I thought was Russian mob spreading computer malware–Zlob or Asprox or something, right? I mean, seriously, it’s got their thumbprint all over it.
Turns out that’s not what it was, though. What it was is something a little more convoluted, and it exposes a weakness in Web sites that have a pay-for-signups affiliate program business model.