Jared Morrison
24/3/08 06:56:15 PM
Serf
|
My friend seems to have a virus on MSN that I'm not familiar with at all. When she signed off before her offline account sent me a link to http://*heremailnamehere*.images.03kem.info
The link asks for your E-Mail address and password in order to view some images. Obviously I didn't log into it. She soon signed back online and I told her about it, and she had no idea it sent. She had to go soon after, and signed off again. This time no link was sent.
Any idea what this is and how she could get rid of it? Thanks.
EDIT: A few hours later I went to shower. Came back to the comp and had this message from her...
'hey whats up? check this out !!!
http://cool.smy9.info
brb...'
Didn't click the link at all. She was set to offline when I got there, so I assume she must've signed on while I was away, left, and then that happened.
Edited by Jared Morrison: 24/3/2008 08:57:23 PM -----
|
Midnighter
24/3/08 10:54:17 PM
Immortal
|
Does she have anti-virus? Tell her to update and scan her machine for starters. -----
-As the days go by, we face the increasing inevitability that we are alone in a Godless, uninhabited, hostile and meaningless universe. Still, you've got to laugh, haven't you?
-We all need help with our feelings. Otherwise, we bottle them up, and bef
|
Jared Morrison
24/3/08 11:10:58 PM
Serf
|
Not sure, I didn't ask because she had to leave.
Oh, quick note... She has a Mac, if that's at all relevant. -----
|
Altus
25/3/08 03:19:16 AM
Serf
|
The same thing just happened to me. A friend sent, from what I noticed, a message offline, with an url similar to the one you got first. I guess that if I would fill in my mail and password on that site my msn contacts would start get the same messages from me. You should tell her to change her hotmailpassword and ask her if she has filled in her hotmailpassword on any suspect sites.
/Maark -----
|
iamthemaxx
25/3/08 10:48:58 AM
Mod
SuperHero
Immortal
|
Quote by Jared Morrison
Not sure, I didn't ask because she had to leave.
Oh, quick note... She has a Mac, if that's at all relevant.
Faaaark.
Tell her to ditch that piece of shit MSN client and use Adium.
That will fix her problems. -----
|
artr
25/3/08 11:47:05 AM
Serf
|
If she changes her password it should be fine, because from what i can see the website just logs your username and password. -----
|
Master_Scythe
26/3/08 04:54:18 PM
Titan
|
drop MSN from the MAC.
its not good.
if your on a PC and dont use webcam or voice, drop it fomr the PC too and use PIDGIN.
anywho...
I got one the other day from a very IT savvy friend, which sinmply pointed to a chinese sales site, he sai 'wow nice prices! *link*' when he went offline, just like you say.
I dunno whats doing it, it only happened once, but it seems wide spread, and from the types of peolpe who are getting it (a mac user, and an IT guru) it seems unlikey its an executable virus... maybe theres a vulerability in MSN itself to run a script or somethign once off? like via custom emotes or something?
interested to know though. caus someone has gone to real effort to get it to run on mac and PC (as i said, probably a vulnerability in the actual MSn itself not the OS).
I wish people would learn, if you dont need it, dont click it.
do you need to see pic of you? no? you can see yourself any time? DONT FUCKING CLICK! -----
4200+X2 939, ASUS A8N-SLI-Deluxe, Ati HD3850, 1gb, 500GB WD SATA, 36GB SATA RAPTOR, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.
|
Fat_Bodybuilder
26/3/08 05:39:53 PM
Guru
|
You sure that she didn't just install some spyware / adware that integrates with MSN to spam all the people on her contact list? -----
|
superfireydave
27/3/08 05:21:50 AM
Titan
|
Quote by Fat_Bodybuilder
You sure that she didn't just install some spyware / adware that integrates with MSN to spam all the people on her contact list?
That's what the OP is saying >_>
Also: one of my friends has it too. -----
Mreow?
|
Cynic*
27/3/08 03:55:40 PM
Banned
|
I don't think the problem is MSN, the problem is that she's an idiot and downloaded something stupid.
No offense. -----
.__
____ ___.__. ____ |__| ____ *
_/ ___< | |/ \| |/ ___\
\ \___\___ | | \ \ \___
\___ > ____|___| /__|\___ >
\/\/ \/ \/
|
SquallStrife
28/3/08 10:32:56 AM
Titan
|
I got a message from one of my contacts last night "Is this seriously you? :S http://someURL.thatlookslike.geocities/?image=myemail@address.com"
People will click anything. -----
Wanna play your old consoles, but hate RF?
http://retro.squallstrife.net - Your one stop AV mod shop.
[under construction]
|
.:Cyb3rGlitch:.
28/3/08 07:11:16 PM
Titan
|
I doubt it's a virus, this probably doesn't even have anything to do with the MSN client. This is what probably happened:
1. Someone has set up a phishing site which tricks people to enter their username and password to see "something cool" etc.
2. The site steals these details and uses them to log into your MSN and spread the link
3. More people click the link, enter the details, and it spreads...
Solution? Try anti-virus, and if that doesn't work then ask your friend to change her MSN password.
Edited by .:Cyb3rGlitch:.: 28/3/2008 7:12:13 PM -----
Being a fanboy has many pitfalls:
- People lose respect for you
- You miss out on the better product
- You get nothing in return for your "loyalty"
|
SquallStrife
29/3/08 01:24:48 PM
Titan
|
Quote by .:Cyb3rGlitch:.
I doubt it's a virus, this probably doesn't even have anything to do with the MSN client. This is what probably happened:
1. Someone has set up a phishing site which tricks people to enter their username and password to see "something cool" etc.
2. The site steals these details and uses them to log into your MSN and spread the link
3. More people click the link, enter the details, and it spreads...
Solution? Try anti-virus, and if that doesn't work then ask your friend to change her MSN password.
Edited by .:Cyb3rGlitch:.: 28/3/2008 7:12:13 PM
Actually, I typed the link, in my sandbox VM, and it downloads a file called IMG0000.JPG-live.messenger.com (sometimes the IMG0000 number changes), which when run, puts a file called msn.com in %SYSTEMROOT% and adds it to HKLM\Software\MS\Windows\Currentversion\Run.
The host in the URL also changes, as the free hosting providers it uses shut the accounts down.
Not sure exactly what MSN.COM actually does, i just turned the vm off, and rolled back the disk changes.
Also, the link doesn't ask you for your password.
So a virus, yes. But beyond that... dunno. -----
Wanna play your old consoles, but hate RF?
http://retro.squallstrife.net - Your one stop AV mod shop.
[under construction]
|
.:Cyb3rGlitch:.
29/3/08 01:27:10 PM
Titan
|
I see. Many MSN 'viruses' are what I described though. Seems like this girl got unlucky. :S -----
Being a fanboy has many pitfalls:
- People lose respect for you
- You miss out on the better product
- You get nothing in return for your "loyalty"
|
. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.