On Saturday, I received an invite from my friend CC Chapman regarding a new social media network called Quechup. While I converse with CC often via Twitter or other places, I had never received a social network invite from CC in the past, so a little flag went off in my head. Upon further inspection I found that the invite was sent to a distribution group address. BIG flag. Eventually that invite would be followed by several others from CC (directly to my email address), and other from other friends.

What happened? Apparently this new service scraped people’s email addresses and sent unsolicited invites from them as people signed up for the service. Enter unsolicited viral spam.

THIS IS NOT GOING TO BE PRETTY

The most striking thing to me about this attack was how it strikes a blow to the trust economy in social networking. There have been email viruses that spread to everyone in your address book before. This one was different. It utilized the trust from those that apparently sent you the “invites” to ALLOW this site into your address book. I trust CC implicity, as do many of the others that I got the invite from.

WHY?

I’m curious to see what the point of this attack was. Was it a proof-of-concept to how faliable the trust economy can be? Was it designed simply to scrape email addresses for the spamalopes? Or… what is a programming mistake that sent emails to EVERYONE on your address book instead of the ones you specified? If it IS the later, the programmer just killed months of planning for this service.

One thing that is certain. If you received the flood of invites, it just put a crack in your trust of social networks. THAT is the saddest part of this attack.