Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Windows Live > Live Messenger

Vista - Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Reply
 
Old 02-09-2008   #1 (permalink)
Ian


 
 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Twice in the past 2 days I have received instant messages with a link to a
website and no accompanying text, pretending to be from one of my contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this fake
message to be sent can be / (has been) patched.

Thanks & be careful.



My System SpecsSystem Spec
Old 02-10-2008   #2 (permalink)
Jonathan Kay [MVP]


 
 

Re: Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly (probably when they're
not at the PC) because the virus has been installed on their PC. Very rarely are these
things sent to me, so I've been unable to see what the latest viruses are doing but it's
currently possible they wait till your system is idle, send the message and then close the
window before you even notice.

Your contact should check their running processes to see if something unusual or something
they can't identify running as its probably that. Running an anti-virus scanner is not good
enough, most Messenger viruses and worms are not detectable as they're constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message news:uKmn1z5aIHA.4208@xxxxxx
Quote:

> Twice in the past 2 days I have received instant messages with a link to a website and no
> accompanying text, pretending to be from one of my contacts. It was NOT from my contact - I
> confirmed this with him.
>
> The link - I am "munging" it (so you don't click on it by accident) - is as follows:
>
> http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS SITE!!!
>
> I tried viewing the site and find that none of the "buttons" work (e.g. "About Us"); it's
> just a single GIF image that - when you click it - is associated with a file download
> action for an executable file.
>
> I am 99.9% certain that the executable file contains malware or a virus.
>
> I am posting here for 2 reasons:
> 1. To warn others about this scam.
> 2. To ask if the loophole in Windows Live Messenger that allows this fake message to be
> sent can be / (has been) patched.
>
> Thanks & be careful.
>
My System SpecsSystem Spec
Old 02-11-2008   #3 (permalink)
Dale K


 
 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...



My System SpecsSystem Spec
Old 02-11-2008   #4 (permalink)
Dale K


 
 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<2C
AF310396254F8FB51701D00EFB79CA@xxxxxx>>
<2CAF310396254F8FB51701D00EFB79CA@xxxxxx>

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...




_____

***RESOURCE NOT FOUND***



My System SpecsSystem Spec
Reply

Thread Tools


Similar Threads
Thread Forum
RE: Messenger virus or security vulnerability Live Messenger
messenger virus Live Messenger
Messenger 2008 Virus: HELP! Live Messenger
messenger live virus ? Live Messenger
Virus updates & messenger connection problems Vista networking & sharing


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46