Instant messaging programs under attack
Fake software claims to give insight into ‘who’s blocking who’
Cybercriminals are finding new ways to abuse MSN Messenger and Windows Live Messenger. G Data’s SecurityLabs recently noticed an increase in spam and phishing sites related to these instant messaging services. At the moment a new wave of spam with fake friend requests is taking place. The security experts have also spotted another brand new trend: fake services that supposedly uncover disloyal messenger friends.The e-mails flooding inboxes all over the world lure the recipients with subject lines like:
· THEODORA BOUCHER added you as a friend on Windows Live
· Silje HUTCHINSON added you as a friend on Windows Live
· ADELINA Keene added you as a friend on Windows Live
The list of different names seems endless. The included links lead to a software selling site with a Russian TLD: buy-softwarestore.ru. This store is known to operate with various similar domains to attract customers with unrealistically low prices for high quality software products. The goal of the scammers is to obtain personal information and credit card details from people who attempt to buy the cheap software from the site.
Apart from these fake friend requests, a new phishing scheme was discovered by G Data’s SecurityLabs. The phishers try to get IM user credentials by offering special IM-spy services. There are two different services on offer. By providing your account’s user name and password you may…
· See a list of all users who blocked your account
· See a list of people who deleted your account from their list of friends
Eddy Willems, Security Evangelist and part of G Data’s SecurityLabs tested these services: “We created an account to try out these services (“Michael”). The results were as to be expected: disappointing. The “who-blocked-you” service was not able to identify that, from the two contacts on our list, one actually blocked Michael and one did not. The names were both listed.”
Eddy continues: “The “who-deleted-you” service did not even post any information about contacts – it just asked us to wait until the page was completely loaded. Well, it was loaded immediately and nothing else happened.”
“What will happen with the Michael account, now that the login details are in the hands of these scammers, remains to be revealed. Possibly Michael, with his mere two contacts, is not an interesting enough target for these cybercriminals to put any effort into. Most IM accounts hold many contacts, that include e-mail addresses and sometimes even more information about your friends. It’s not a good idea to share that information with cybercriminals,” concludes Eddy.
Contacto de prensa
G Data Software AG
Ignacio Heras
Public Relations Manager (Iberia)
Francisco Giralte, 2 (esq. Príncipe de Vergara, 118)
Madrid 28002
Telf.: (+34) 917453073
Fax: (+34) 91 745 30 74
E-mail:
