Recently (Starting from the beginning of the year), I received quite a lot of messages with links from my friends’ Live account on Windows Live Messenger. The messages were sent by my friends’ intention and some of the messages were sent as offline messages.
As discover by a few other bloggers (LiewCf and CyberHQ), the links in the messages will redirect you to a MSN phishing site and ask you to key your Live account’s username and password. The phishing site tries to trick you by showing you “your images” that have been uploaded to Live website if you login into your Live account.
The person’s PC which sent you the unsolicited messages might have infected by virus or spyware. Among my friends who sent me the unsolicited messages, some of them are IT professionals. They are not aware what had happened to their PC. Some of them even do not install antivirus software on their PC and some of their antivirus software’s virus definition database is not up-to-date!
Here is a list of the messages that I have received from my friends:
- Phishing site – hxxp://CooolStufff.com 😀
- Phishing site – hxxp://PictureHostz.com/?user=msn_user_name&image=DSC00684.JPG ?!? … HAHAHA!! 😛
- Phishing site – hxxp://SweeetOfferz.com 😀
- Phishing site – hxxp://Just.LikeItSoMuch.com
- Phishing site – hxxp://PicBuckets.com/?user=msn_user_name&pic=DSC01425.JPG 😀 (A)
- Phishing site – hxxp://img78294.PhotoBukkets.com/?user=msn_user_name&pic=DSC00425.JPG
- Phishing site – hxxp://thats.nicestufff.com
- Phishing site – hxxp://yeah.checkthizz.com/?msn_user_name
- Phishing site – hxxp://my.greatestpicz.com/?msn_user_name
- Phishing site – hxxp://ImageTalez.com/?user=msn_user_name&image=DSC00245.JPG ?!? … HAHAHA!! 😛
- Phishing site – hxxp://img168.ImageStickz.com/?user=msn_user_name&image=DSC00678.JPG ?!? … HAHAHA!! 😛
- Virus site – damn, saw naked pics of yours or maybe the one in pic is similar to you …. crazy lol hxxp://my-secret-gallery-download.com/pic_gallery.html
- Spam message – I am done trying all the different fat burner pills out there. I finally found one pill that forces your body to drop a lot of weight very quickly. Its called Acai, costs just 5 dolars and I always order from hxxp://ridelock.com
- Spam message – do u send me “Ever since Derek and I seen those Acai pills on Cnn and Oprah we have been taking them and losing so much weight so fast with no diets or excercise , we are living proof that it works like magic and they are only five dollars now to try from hxxp://dotedote.com”?
- Spam message – Did you see the Acai Berry pills on Oprah the other day. I found a good source for 5 dollars. They really do work because I lost 6 pounds in a week. Try it too hxxp://tealrears.com
- Spam message – I got so many messages about those acai berry pills that I decided to order them and guess what? I lost 23 pounds so far and its only been two weeks. I am living proof that they work and best part was, they only cost me five dollars to try over at hxxp://greatcan.com
- Spam message – A word of advice from a friend here, I ordered those acai pills that I kept hearing about from everyone and on oprah too, well its been two weeks now and I lose 22 pounds and still losing more, I am living proof that they do work, try them for only five dollars at hxxp://lampbed.com
Note the website URL “http” has been replaced with “hxxp”.
Some of the identical behaviors of the above websites are:
- Ask you to enter your Live/MSN/Hotmail username and password so that the website can show your something (e.g. image and videos).
- Redirect you to your localhost but remain the same domain.
- Redirect you to your MSN’s website but remain the same domain.
What you need to do when you receive this kind of messages:
- Ask your friend if he or she sent you the message before you open the link. If he or she did not send the link, you should tell he or she that his or her PC might be infected by virus or spyware and ask he or she to install a good antivirus to scan their PC for spyware and virus. I’m using AVG Free antivirus which is pretty good and fast.
- Do not open the link. If your still want to try your luck to open the link, do it with Firefox or Google Chrome. Do not use Internet Explorer because it enables VB-Scripts which allow malicious software to be installed automatically to your computer.
- Do not download any executable file (e.g. exe file and exe in zip file) or screen saver (with file extension .scr) from the site.
- Ask your friend to change his or her account password.
If you found a similar message that might harm user’s PC, you can let me know by leaving your comment here and I will update the list above so that everyone aware about it. Help me to help others 🙂