Recently I got a few invitation-messages on behalf of people I know, to join the sms.ac community. It's supposed to be a site that lets you send free SMS messages.
I ignored the invitations at first, because they looked phishy. But after about 5 invitations, all from different people I know, I got curious, and decided to check it out. After all, I thought, the site already has my email address (it was a Yahoo! Mail address, but I also got one invitation to my Gmail account) - people I know gave it to them.
So I clicked the invitation link. After filling-in the standard details (as well as my mobile phone number), I was surprised to be asked for my Yahoo(!) password. Why would sms.ac want my password?
They want it, because they want to read my address book, and send invitations on my behalf to all my contacts. Then it hit me - all the people that "sent" me invitations actually gave away their mail account passwords!
Does this count as a virus? I'm not sure. The users who did it, gave their password. The site didn't steal it from them. In fact, it said it will invite their friends.
I am not a lawyer, but this service is probably legal, becuase they have the users' consent to do what they do. Yet, it's really annoying.
By the way - the main reason people sign up to the site is the promise to send free SMS messages. Well... I tried sending a message after signing up (I signed up without giving my password, it was not mandatory), but it didn't work. It said they don't support my cellular network - but my network is in the list of supported networks.
Beware of phishermen!