MSN For You - MSN Messenger Worm Virus Self Phishing Replicating Evil

July 5, '07 Comments [26] Posted in Musings

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About Newsletter

Sponsored By

Hosting By

Comments [26]

Share on: Twitter, Facebook, Google+ or use the Permalink

Thursday, July 05, 2007 7:01:40 PM UTC

ah, well -no real damage done Scott -I do admire u owning up to getting caught thou. Good on ye! :)

Dazza

Thursday, July 05, 2007 7:09:09 PM UTC

Well at least it was from a friend, that's a bit of an excuse. A while back I blogged about MS starting a swear filter on their email, and that post has become a magnet for the gulible. The comments are sad/funny depending on your view. I keep saying it's a scam, but more and more people are posting their MS Lottery spams there and asking if it's real.

So you're not that bad... heh.

BarryD

Thursday, July 05, 2007 7:41:18 PM UTC

Thanks for the heads up on this. With this happening to you and you blogging about it, you have probably saved an exponential number of people.

Phillip

Thursday, July 05, 2007 8:22:55 PM UTC

@BarryD - WTF? How did that first guy decide that you were some kind of expert on the "Microsoft Lottery" or whatever that was? (I get how the subsequent posts happened; Looking at your search engine referrals probably explain it well enough).

@Scott - You can't technically call this phishing, can you? I would think that the defining characteristic of phishing is a site purporting they're someone they're not. In this case, the site was honest, they just weren't entirely up front with their intentions to abuse your Messenger account. More of a con than phish, I think.

Cam Soper

Thursday, July 05, 2007 8:29:02 PM UTC

Wow! Well, I guess if you can get caught out, then anybody can get caught out.

I had a similar experience two years ago. I cannot remember what site it was or why I did it, but I gave my Messenger user name and password to a website. Before I knew it, all my Hotmail contacts received an email similar to the one that trapped me. I vowed never to supply my credentials to a site that I do not trust.

Trumpi

Thursday, July 05, 2007 8:57:18 PM UTC

Scott,

Do you mean that you gave your MSN password to this web site??

I'm very hesitant to share my password with anybody, especially with unknown people and organizations (web sites).

Dennis Gorelik

Thursday, July 05, 2007 9:02:07 PM UTC

You may be interested to know that when I pasted the message:

"Wow. I just got nailed. A trusted friend sent me a standard "check this out" instant message on MSN saying I should take a look at a site called http://www.newmsnlive.info also known as http://www.msnforyou.info and http://www.get-messenger.com."

It didn't show the message to my MSN chat buddy. I think MSN must be filtering them by some blacklist, recognizing those URLs as bad ones.

Zeltzer

Thursday, July 05, 2007 9:06:00 PM UTC

Dennis - Yes, and this is why I'm an idiot today.

Zelter - Excellent. Then the word has gotten out.

Scott Hanselman

Thursday, July 05, 2007 9:09:21 PM UTC

You know, three years ago I used to get messages exactly like that all the time from people. It's not a new thing, I wonder why it only just got blacklisted, well, today?

Demerzel

Thursday, July 05, 2007 9:41:10 PM UTC

It got blacklisted today because I got one of these messages from Scott and forwarded the URLs on to the Messenger team.

Ry Jones

Thursday, July 05, 2007 9:43:43 PM UTC

It happens to the best of us, and the worst of us.

Haacked

Thursday, July 05, 2007 9:58:31 PM UTC

The more interesting thing is how some unscrupulous web site got you to cough up your personal information in the form of your contacts list. They even got you to authorize a mass message sent to everyone on your list pimping their bile while looking like it came from you. (A trick that worked so well that when you got one you didn't hesitate to click it because it came from, as you said, a trusted friend.)

It wasn't a clever piece of code that hacked your account. Instead, it was some brilliant social engineering. Playing on your, and everyone else's that they duped, ego. "Of course I want to know who has blocked me from their life! I will willingly release control of my account, just give me the goods."

Genius.

Jason

Thursday, July 05, 2007 9:59:30 PM UTC

Well said! Good points all. It was an ego-phish!

Scott Hanselman

Thursday, July 05, 2007 10:06:57 PM UTC

This reminds of something similar a few years back. There was an e-mail going around that had words to the effect that "somebody you know has a secret crush on you; enter the e-mail address of who you think it might be to see if you are right." Of course, the same message got sent to *those* people, and so on.

Leo

Thursday, July 05, 2007 10:33:44 PM UTC

Scott sent me another URL, and it's been blocked as well. If anyone has different URLs, please email me directly and I will pass them along to the Messenger team.

Ry Jones

Thursday, July 05, 2007 11:05:19 PM UTC

Ouch, that hurts.

It sounds like you don't have antiphishing built into your internet security program... Or are you using an internet security program, and which one if you don't mind my asking?

I just posted an article about internet security because Norton did not pick up MalwareAlarm on both my home computers and neither did McAfee on my work computer.

I did a controlled test with Panda's Internet Security suite (tried to install it to see which security programs would catch it), and it was was the only one that truly caught it... along with an attempt from one of my neighbors to hijack my wifi network... along with a defragmentation attack that was hitting my hard drive every few minutes (and I was thinking it was time to buy a new hard drive)!!

It has antiphishing and web site content filtering built in as well - which sounds like something you might want to take a look at ;-)

Here's the article if you don't mind my posting a link: Norton and McAfee Failed to Protect My System from Malware and Viruses

Rick Palmer

Thursday, July 05, 2007 11:13:51 PM UTC

Interestingly, this morning, neither IE nor Firefox's Phishing filter picked it up...they do now though.

Scott Hanselman

Thursday, July 05, 2007 11:21:06 PM UTC

The only question I have is: Did they let you use a strong password?

Joe Brinkman

Friday, July 06, 2007 4:19:24 AM UTC

A far more amatuer looking site tried to do the same to me a few weeks back: www.whoadmitsyou.com

It makes me wonder if I need a seperate IM account for technical people and another for 'friends & family'

Andrew W

Friday, July 06, 2007 4:27:02 AM UTC

Out of interest.. did it actually tell you who had deleted you?

Andrew W

Friday, July 06, 2007 5:43:56 AM UTC

You just have to be so careful what you install these days. And on that note, you'll probably shy away from the following suggestion - understandably so after this experience - but I know of a semi-decent alternative to the above program you stumbled upon (no, I am not in any way affiliated with said program). Perhaps try install it on some sort of test live account (its sad, but I've resorted to that for stuff like this..) if you're skeptical.

Its called MSN Live Plus!
http://www.msgpluslive.net/

Contact List Cleanup:
- If the person has removed you from their list
- Last time they were online
- Last time you spoke to them
Tabbed chat windows (because its a nuisance having 8 windows open when chatting to friends)
Better notifications (do you really need to view notifications for EVERY contact that comes online?)
Some other stuff I don't bother using

Use it, don't use it, your choice.

Enjoy :)