First time here? Check out the site's "greatest hits" or read a post from the archives. Feel free to leave a comment or ask a question, and consider subscribing to the latest posts via RSS or e-mail. Thanks for visiting!
« DasBlog2 Theme Contest | Main | Caught in the Act »

MSN For You - MSN Messenger Worm Virus Self Phishing Replicating Evil

Posted in Musings.

getmessengerevilWow. I just got nailed. A trusted friend sent me a standard "check this out" instant message on MSN saying I should take a look at a site called http://www.newmsnlive.info also known as http://www.msnforyou.info and http://www.get-messenger.com.

Do NOT visit these links.

I didn't read the FAQ, but there's these gems:

"By using the Online Delete Checker you authorize Get-Messenger to temporarily change your nick to "http://www.get-messenger.com: Find out who removed you from his/her contact list" only for advertising purposes. You can change the nick again the next time you log into your regular MSN Messenger® client."

By using the Online Delete Checker you authorize Get-Messenger to send Instant Messages on your behalf to your online contacts advertising the site.

It is quite simple. We just try to get visits in order to make money publishing ads. There are no dark or mischievous intentions behind."

I don't know what I was thinking, but I figured I could just change my password afterwards. What I didn't expect, though, was that the website would send out Instant Messages to 300 of my closet friends, some of the messages in Spanish, asking THEM to visit the site.

Of course, these terms of service are buried at the bottom of a long FAQ I didn't read. I appreciate that they are 'honest' but I really find this way of viral advertising to be disingenuous.  Fortunately, I'm not the only one who is finding this to be very uncool, and the site(s) are starting to show up in Anti-Phishing Databases.

The issue is also being escalated with Windows Live Messenger Operations with the intent to get the URL blocked. And I've changed my Live Password.

I'm so embarrassed. This is the first time I've ever been "successfully" phished. And hopefully the last.



Thursday, July 05, 2007 11:01:40 AM (Pacific Standard Time, UTC-08:00)
ah, well -no real damage done Scott -I do admire u owning up to getting caught thou. Good on ye! :)
Dazza
Thursday, July 05, 2007 11:09:09 AM (Pacific Standard Time, UTC-08:00)
Well at least it was from a friend, that's a bit of an excuse. A while back I blogged about MS starting a swear filter on their email, and that post has become a magnet for the gulible. The comments are sad/funny depending on your view. I keep saying it's a scam, but more and more people are posting their MS Lottery spams there and asking if it's real.

So you're not that bad... heh.
BarryD
Thursday, July 05, 2007 11:41:18 AM (Pacific Standard Time, UTC-08:00)
Thanks for the heads up on this. With this happening to you and you blogging about it, you have probably saved an exponential number of people.
Phillip
Thursday, July 05, 2007 12:22:55 PM (Pacific Standard Time, UTC-08:00)
@BarryD - WTF? How did that first guy decide that you were some kind of expert on the "Microsoft Lottery" or whatever that was? (I get how the subsequent posts happened; Looking at your search engine referrals probably explain it well enough).

@Scott - You can't technically call this phishing, can you? I would think that the defining characteristic of phishing is a site purporting they're someone they're not. In this case, the site was honest, they just weren't entirely up front with their intentions to abuse your Messenger account. More of a con than phish, I think.
Cam Soper
Thursday, July 05, 2007 12:29:02 PM (Pacific Standard Time, UTC-08:00)
Wow! Well, I guess if you can get caught out, then anybody can get caught out.

I had a similar experience two years ago. I cannot remember what site it was or why I did it, but I gave my Messenger user name and password to a website. Before I knew it, all my Hotmail contacts received an email similar to the one that trapped me. I vowed never to supply my credentials to a site that I do not trust.
Trumpi
Thursday, July 05, 2007 12:57:18 PM (Pacific Standard Time, UTC-08:00)
Scott,

Do you mean that you gave your MSN password to this web site??

I'm very hesitant to share my password with anybody, especially with unknown people and organizations (web sites).
Dennis Gorelik
Thursday, July 05, 2007 1:02:07 PM (Pacific Standard Time, UTC-08:00)
You may be interested to know that when I pasted the message:

"Wow. I just got nailed. A trusted friend sent me a standard "check this out" instant message on MSN saying I should take a look at a site called http://www.newmsnlive.info also known as http://www.msnforyou.info and http://www.get-messenger.com."

It didn't show the message to my MSN chat buddy. I think MSN must be filtering them by some blacklist, recognizing those URLs as bad ones.
Zeltzer
Thursday, July 05, 2007 1:06:00 PM (Pacific Standard Time, UTC-08:00)
Dennis - Yes, and this is why I'm an idiot today.

Zelter - Excellent. Then the word has gotten out.
Scott Hanselman
Thursday, July 05, 2007 1:09:21 PM (Pacific Standard Time, UTC-08:00)
You know, three years ago I used to get messages exactly like that all the time from people. It's not a new thing, I wonder why it only just got blacklisted, well, today?
Demerzel
Thursday, July 05, 2007 1:41:10 PM (Pacific Standard Time, UTC-08:00)
It got blacklisted today because I got one of these messages from Scott and forwarded the URLs on to the Messenger team.
Ry Jones
Thursday, July 05, 2007 1:43:43 PM (Pacific Standard Time, UTC-08:00)
It happens to the best of us, and the worst of us.
Haacked
Thursday, July 05, 2007 1:58:31 PM (Pacific Standard Time, UTC-08:00)
The more interesting thing is how some unscrupulous web site got you to cough up your personal information in the form of your contacts list. They even got you to authorize a mass message sent to everyone on your list pimping their bile while looking like it came from you. (A trick that worked so well that when you got one you didn't hesitate to click it because it came from, as you said, a trusted friend.)

It wasn't a clever piece of code that hacked your account. Instead, it was some brilliant social engineering. Playing on your, and everyone else's that they duped, ego. "Of course I want to know who has blocked me from their life! I will willingly release control of my account, just give me the goods."

Genius.
Jason
Thursday, July 05, 2007 1:59:30 PM (Pacific Standard Time, UTC-08:00)
Well said! Good points all. It was an ego-phish!
Scott Hanselman
Thursday, July 05, 2007 2:06:57 PM (Pacific Standard Time, UTC-08:00)
This reminds of something similar a few years back. There was an e-mail going around that had words to the effect that "somebody you know has a secret crush on you; enter the e-mail address of who you think it might be to see if you are right." Of course, the same message got sent to *those* people, and so on.
Leo
Thursday, July 05, 2007 2:33:44 PM (Pacific Standard Time, UTC-08:00)
Scott sent me another URL, and it's been blocked as well. If anyone has different URLs, please email me directly and I will pass them along to the Messenger team.
Ry Jones
Thursday, July 05, 2007 3:05:19 PM (Pacific Standard Time, UTC-08:00)
Ouch, that hurts.

It sounds like you don't have antiphishing built into your internet security program... Or are you using an internet security program, and which one if you don't mind my asking?

I just posted an article about internet security because Norton did not pick up MalwareAlarm on both my home computers and neither did McAfee on my work computer.

I did a controlled test with Panda's Internet Security suite (tried to install it to see which security programs would catch it), and it was was the only one that truly caught it... along with an attempt from one of my neighbors to hijack my wifi network... along with a defragmentation attack that was hitting my hard drive every few minutes (and I was thinking it was time to buy a new hard drive)!!

It has antiphishing and web site content filtering built in as well - which sounds like something you might want to take a look at ;-)

Here's the article if you don't mind my posting a link: Norton and McAfee Failed to Protect My System from Malware and Viruses
Rick Palmer
Thursday, July 05, 2007 3:13:51 PM (Pacific Standard Time, UTC-08:00)
Interestingly, this morning, neither IE nor Firefox's Phishing filter picked it up...they do now though.
Scott Hanselman
Thursday, July 05, 2007 3:21:06 PM (Pacific Standard Time, UTC-08:00)
The only question I have is: Did they let you use a strong password?
Joe Brinkman
Thursday, July 05, 2007 8:19:24 PM (Pacific Standard Time, UTC-08:00)
A far more amatuer looking site tried to do the same to me a few weeks back: www.whoadmitsyou.com

It makes me wonder if I need a seperate IM account for technical people and another for 'friends & family'
Andrew W
Thursday, July 05, 2007 8:27:02 PM (Pacific Standard Time, UTC-08:00)
Out of interest.. did it actually tell you who had deleted you?
Andrew W
Thursday, July 05, 2007 9:43:56 PM (Pacific Standard Time, UTC-08:00)
You just have to be so careful what you install these days. And on that note, you'll probably shy away from the following suggestion - understandably so after this experience - but I know of a semi-decent alternative to the above program you stumbled upon (no, I am not in any way affiliated with said program). Perhaps try install it on some sort of test live account (its sad, but I've resorted to that for stuff like this..) if you're skeptical.

Its called MSN Live Plus!
http://www.msgpluslive.net/

Contact List Cleanup:
- If the person has removed you from their list
- Last time they were online
- Last time you spoke to them
Tabbed chat windows (because its a nuisance having 8 windows open when chatting to friends)
Better notifications (do you really need to view notifications for EVERY contact that comes online?)
Some other stuff I don't bother using

Use it, don't use it, your choice.

Enjoy :)
Jonathan
Friday, July 06, 2007 3:40:21 AM (Pacific Standard Time, UTC-08:00)
Scott, I can't believe you also got nailed! I got nailed by this one:
http://dotnet.org.za/ernst/archive/2007/06/18/live-messenger-worm.aspx
Ernst Kuschke
Friday, July 06, 2007 3:40:44 AM (Pacific Standard Time, UTC-08:00)
@Andrew: Yep, it does tell you who deleted your MSN. I got burned by this as well, a week ago.
Steve
Monday, July 23, 2007 1:17:11 PM (Pacific Standard Time, UTC-08:00)
http://www.msnblog.info/ is the same site as well
DS
Thursday, August 30, 2007 4:40:28 AM (Pacific Standard Time, UTC-08:00)
thats great but how do you get rid of it
Ed Roche
Thursday, August 30, 2007 8:38:21 AM (Pacific Standard Time, UTC-08:00)
Just change your Messenger Password on www.passport.com.
Scott Hanselman
Comments are closed.

Contact

  • Scott Hanselman

Sponsors

Hosting By

Dedicated Windows Server Hosting by ORCS Web

On this page...

Tags

Africa (67) ASP.NET (595) ASP.NET Dynamic Data (15) ASP.NET MVC (45) BabySmash (17) Back to Basics (9) Bugs (168) CodeRush (21) Coding4Fun (37) Corillian (26) DasBlog (129) DevCenter (1) DevDays (5) Diabetes (60) DLR (1) eFinance (14) Gaming (113) HttpHandler (16) HttpModule (21) Identity (3) IIS (11) INETA (8) Internationalization (42) IOC (1) Javascript (66) Learning .NET (97) LINQ (16) Longhorn (11) Microsoft (68) Mix (9) Movies (44) MSBuild (1) Musings (478) Nant (39) NCover (12) NDC (11) NDoc (6) NotNorthwind (2) NUnit (46) Open Source (3) PDC (63) PHP (2) Podcast (145) PowerShell (59) Programming (230) Python (1) Reviews (125) Ruby (61) Screencasts (20) Silverlight (28) Source Code (46) Speaking (185) Subversion (14) TechEd (122) Thabo (3) Tools (396) VB (6) ViewState (19) Vista (2) Watir (21) Web Services (429) Windows Client (31) WPF (22) XML (289) XmlSerializer (31) Zenzo (38)

Calendar

<November 2008>
SunMonTueWedThuFriSat
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456
Posts in timeline
Posts in Large Calendar

Archives

November, 2008 (10)
October, 2008 (22)
September, 2008 (16)
August, 2008 (14)
July, 2008 (25)
June, 2008 (19)
May, 2008 (17)
April, 2008 (17)
March, 2008 (26)
February, 2008 (21)
January, 2008 (28)
December, 2007 (19)
November, 2007 (17)
October, 2007 (31)
September, 2007 (39)
August, 2007 (37)
July, 2007 (43)
June, 2007 (37)
May, 2007 (32)
April, 2007 (38)
March, 2007 (29)
February, 2007 (46)
January, 2007 (31)
December, 2006 (27)
November, 2006 (31)
October, 2006 (32)
September, 2006 (39)
August, 2006 (34)
July, 2006 (40)
June, 2006 (18)
May, 2006 (31)
April, 2006 (34)
March, 2006 (30)
February, 2006 (38)
January, 2006 (44)
December, 2005 (19)
November, 2005 (34)
October, 2005 (24)
September, 2005 (37)
August, 2005 (20)
July, 2005 (24)
June, 2005 (33)
May, 2005 (16)
April, 2005 (22)
March, 2005 (34)
February, 2005 (15)
January, 2005 (37)
December, 2004 (28)
November, 2004 (30)
October, 2004 (34)
September, 2004 (22)
August, 2004 (34)
July, 2004 (18)
June, 2004 (64)
May, 2004 (49)
April, 2004 (21)
March, 2004 (29)
February, 2004 (29)
January, 2004 (36)
December, 2003 (25)
November, 2003 (24)
October, 2003 (59)
September, 2003 (42)
August, 2003 (24)
July, 2003 (44)
June, 2003 (29)
May, 2003 (21)
April, 2003 (30)
March, 2003 (27)
February, 2003 (47)
January, 2003 (50)
December, 2002 (31)
November, 2002 (38)
October, 2002 (44)
September, 2002 (15)
May, 2002 (2)
April, 2002 (4)

Google Ads