Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Twice in the past 2 days I have received instant messages with a link to a
website and no accompanying text, pretending to be from one of my contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this fake
message to be sent can be / (has been) patched.

Thanks & be careful.

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly (probably when they're
not at the PC) because the virus has been installed on their PC. Very rarely are these
things sent to me, so I've been unable to see what the latest viruses are doing but it's
currently possible they wait till your system is idle, send the message and then close the
window before you even notice.

Your contact should check their running processes to see if something unusual or something
they can't identify running as its probably that. Running an anti-virus scanner is not good
enough, most Messenger viruses and worms are not detectable as they're constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message news:uKmn1z5aIHA.4208@xxxxxx

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<8E
717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>>
<8E717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly
(probably when they're
not at the PC) because the virus has been installed on their PC. Very
rarely are these
things sent to me, so I've been unable to see what the latest viruses
are doing but it's
currently possible they wait till your system is idle, send the message
and then close the
window before you even notice.

Your contact should check their running processes to see if something
unusual or something
they can't identify running as its probably that. Running an anti-virus
scanner is not good
enough, most Messenger viruses and worms are not detectable as they're
constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this
signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message
news:uKmn1z5aIHA.4208@xxxxxx to a website and no NOT from my contact - I is as follows: SITE!!! (e.g. "About Us"); it's a file download virus. fake message to be


<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3c8
E717C85-2F6E-4CB9-AB09-31B73ABE3BDD%40microsoft.com%3e%0d> Related...

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<2C
AF310396254F8FB51701D00EFB79CA@xxxxxx>>
<2CAF310396254F8FB51701D00EFB79CA@xxxxxx>

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...




_____

***RESOURCE NOT FOUND***

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<B7
6F6F391EE84DCD9BA8B3E1494A65D7@xxxxxx>>
<B76F6F391EE84DCD9BA8B3E1494A65D7@xxxxxx>

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<8E
717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>>
<8E717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly
(probably when they're
not at the PC) because the virus has been installed on their PC. Very
rarely are these
things sent to me, so I've been unable to see what the latest viruses
are doing but it's
currently possible they wait till your system is idle, send the message
and then close the
window before you even notice.

Your contact should check their running processes to see if something
unusual or something
they can't identify running as its probably that. Running an anti-virus
scanner is not good
enough, most Messenger viruses and worms are not detectable as they're
constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this
signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message
news:uKmn1z5aIHA.4208@xxxxxx to a website and no NOT from my contact - I is as follows: SITE!!! (e.g. "About Us"); it's a file download virus. fake message to be


<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3c8
E717C85-2F6E-4CB9-AB09-31B73ABE3BDD%40microsoft.com%3e%0d> Related...




_____

***RESOURCE NOT FOUND***