Windows Vista Forums
Vista Forums Home Join Vista Forums Donate Vista Tutorials Tags

Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
Register at Vista forums...the world biggest Windows Vista resource Join Vista Forums Now

Go Back   Vista Forums > Windows Live > Live Messenger

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Update your Vista Drivers Update Your Drivers Now!!
Reply
 
Thread Tools Display Modes
Old 02-09-2008   #1 (permalink)
Ian
Guest


 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Twice in the past 2 days I have received instant messages with a link to a
website and no accompanying text, pretending to be from one of my contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this fake
message to be sent can be / (has been) patched.

Thanks & be careful.



My System SpecsSystem Spec
Old 02-10-2008   #2 (permalink)
Jonathan Kay [MVP]
Guest


 

Re: Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly (probably when they're
not at the PC) because the virus has been installed on their PC. Very rarely are these
things sent to me, so I've been unable to see what the latest viruses are doing but it's
currently possible they wait till your system is idle, send the message and then close the
window before you even notice.

Your contact should check their running processes to see if something unusual or something
they can't identify running as its probably that. Running an anti-virus scanner is not good
enough, most Messenger viruses and worms are not detectable as they're constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message news:uKmn1z5aIHA.4208@xxxxxx
Quote:

> Twice in the past 2 days I have received instant messages with a link to a website and no
> accompanying text, pretending to be from one of my contacts. It was NOT from my contact - I
> confirmed this with him.
>
> The link - I am "munging" it (so you don't click on it by accident) - is as follows:
>
> http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS SITE!!!
>
> I tried viewing the site and find that none of the "buttons" work (e.g. "About Us"); it's
> just a single GIF image that - when you click it - is associated with a file download
> action for an executable file.
>
> I am 99.9% certain that the executable file contains malware or a virus.
>
> I am posting here for 2 reasons:
> 1. To warn others about this scam.
> 2. To ask if the loophole in Windows Live Messenger that allows this fake message to be
> sent can be / (has been) patched.
>
> Thanks & be careful.
>
My System SpecsSystem Spec
Old 02-11-2008   #3 (permalink)
Dale K
Guest


 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...



My System SpecsSystem Spec
Old 02-11-2008   #4 (permalink)
Dale K
Guest


 

Re: Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<8E
717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>>
<8E717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly
(probably when they're
not at the PC) because the virus has been installed on their PC. Very
rarely are these
things sent to me, so I've been unable to see what the latest viruses
are doing but it's
currently possible they wait till your system is idle, send the message
and then close the
window before you even notice.

Your contact should check their running processes to see if something
unusual or something
they can't identify running as its probably that. Running an anti-virus
scanner is not good
enough, most Messenger viruses and worms are not detectable as they're
constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this
signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message
news:uKmn1z5aIHA.4208@xxxxxx
Quote:

> Twice in the past 2 days I have received instant messages with a link
to a website and no
Quote:

> accompanying text, pretending to be from one of my contacts. It was
NOT from my contact - I
Quote:

> confirmed this with him.
>
> The link - I am "munging" it (so you don't click on it by accident) -
is as follows:
Quote:

>
> http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!
Quote:

>
> I tried viewing the site and find that none of the "buttons" work
(e.g. "About Us"); it's
Quote:

> just a single GIF image that - when you click it - is associated with
a file download
Quote:

> action for an executable file.
>
> I am 99.9% certain that the executable file contains malware or a
virus.
Quote:

>
> I am posting here for 2 reasons:
> 1. To warn others about this scam.
> 2. To ask if the loophole in Windows Live Messenger that allows this
fake message to be
Quote:

> sent can be / (has been) patched.
>
> Thanks & be careful.
>



<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3c8
E717C85-2F6E-4CB9-AB09-31B73ABE3BDD%40microsoft.com%3e%0d> Related...



My System SpecsSystem Spec
Old 02-11-2008   #5 (permalink)
Dale K
Guest


 

Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<2C
AF310396254F8FB51701D00EFB79CA@xxxxxx>>
<2CAF310396254F8FB51701D00EFB79CA@xxxxxx>

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<uK
mn1z5aIHA.4208@xxxxxx>>
<uKmn1z5aIHA.4208@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Twice in the past 2 days I have received instant messages with a link to
a
website and no accompanying text, pretending to be from one of my
contacts.
It was NOT from my contact - I confirmed this with him.

The link - I am "munging" it (so you don't click on it by accident) - is
as
follows:

http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!

I tried viewing the site and find that none of the "buttons" work (e.g.
"About Us"); it's just a single GIF image that - when you click it - is
associated with a file download action for an executable file.

I am 99.9% certain that the executable file contains malware or a virus.

I am posting here for 2 reasons:
1. To warn others about this scam.
2. To ask if the loophole in Windows Live Messenger that allows this
fake
message to be sent can be / (has been) patched.

Thanks & be careful.





<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3cu
Kmn1z5aIHA.4208%40TK2MSFTNGP04.phx.gbl%3e%0d> Related...




_____

***RESOURCE NOT FOUND***



My System SpecsSystem Spec
Old 02-11-2008   #6 (permalink)
Dale K
Guest


 

Re: Messenger Spam / Probable Virus - Be Careful; Jonathan Kay - Can you help?

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<B7
6F6F391EE84DCD9BA8B3E1494A65D7@xxxxxx>>
<B76F6F391EE84DCD9BA8B3E1494A65D7@xxxxxx>

nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/
<nntp://msnews.microsoft.com/microsoft.public.windows.live.messenger/<8E
717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>>
<8E717C85-2F6E-4CB9-AB09-31B73ABE3BDD@xxxxxx>


_____

NewsGator Inbox attempted to retrieve the web page for this item but
received an error:

The URI prefix is not recognized.

_____

Greetings Ian,

It's not a loophole -- your friend is sending this message unknowingly
(probably when they're
not at the PC) because the virus has been installed on their PC. Very
rarely are these
things sent to me, so I've been unable to see what the latest viruses
are doing but it's
currently possible they wait till your system is idle, send the message
and then close the
window before you even notice.

Your contact should check their running processes to see if something
unusual or something
they can't identify running as its probably that. Running an anti-virus
scanner is not good
enough, most Messenger viruses and worms are not detectable as they're
constantly changing.

This isn't a new thing, these have existed for years.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this
signature or citation
--


"Ian" <nospam@xxxxxx> wrote in message
news:uKmn1z5aIHA.4208@xxxxxx
Quote:

> Twice in the past 2 days I have received instant messages with a link
to a website and no
Quote:

> accompanying text, pretending to be from one of my contacts. It was
NOT from my contact - I
Quote:

> confirmed this with him.
>
> The link - I am "munging" it (so you don't click on it by accident) -
is as follows:
Quote:

>
> http:// [###] xnetspeed [###] .com BE CAREFUL IF YOU GO TO THIS
SITE!!!
Quote:

>
> I tried viewing the site and find that none of the "buttons" work
(e.g. "About Us"); it's
Quote:

> just a single GIF image that - when you click it - is associated with
a file download
Quote:

> action for an executable file.
>
> I am 99.9% certain that the executable file contains malware or a
virus.
Quote:

>
> I am posting here for 2 reasons:
> 1. To warn others about this scam.
> 2. To ask if the loophole in Windows Live Messenger that allows this
fake message to be
Quote:

> sent can be / (has been) patched.
>
> Thanks & be careful.
>



<http://services.newsgator.com/subscr...url=nntp%3a%2f
%2fmsnews.microsoft.com%2fmicrosoft.public.windows.live.messenger%2f%3c8
E717C85-2F6E-4CB9-AB09-31B73ABE3BDD%40microsoft.com%3e%0d> Related...




_____

***RESOURCE NOT FOUND***



My System SpecsSystem Spec
Reply

Thread Tools
Display Modes



Similar Threads
Thread Thread Starter Forum Replies Last Post
Probable bug in VS2008 Bruce HS .NET General 2 03-19-2008 11:52 AM
Jonathan Kay Susie Live Messenger 0 02-01-2008 09:41 AM
messenger live virus ? Trent Kish Live Messenger 0 01-28-2008 08:26 PM
Virus updates & messenger connection problems lensor Vista networking & sharing 5 07-18-2007 06:02 AM
Probable UAC bug Vipin [MVP] Vista security 2 07-20-2006 09:16 AM


Vistax64.com is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media 2005-2008

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51