Windows Live Messenger (previously and still famously known as MSN Messenger) users have increasingly received annoying spam instant messaging from friends and buddies. When sending these spam IM, the contacts will sign in online and log out almost immediately, making those who want to chat with the pal disappointed. One characteristic of the spam IM sent in WLM is that they are almost arrived together at the same time, some received as offline message, and there is always a URL (link location) for you to click, with or without additional messages.
If you click on the URL (it’s hard not to click though especially with all the provocative text description) and go to the website, chance is that the website is highly malicious or may contain exploit, and may infect your computer with virus, Trojan, worm, keylogger, spyware, bot and etc. However, most is phishing site that attempt to steal your user name (email address) and password. And now it may be your turn to send these URLs to your contacts instead. When receiving these suspicious instant message, rule of thumb is DO NOT click on the link.
The link normally opens web pages with title such as “PICS FOR MSN FRIENDS v1.1c” and “FREE RINGTONES, WALLPAPERS, JAVA-GAMES” page (linked by infamous g00d-stuff fake IM message). These pages are phishing webpages that attempt to steal your password, and may also contain exploit to plant virus on your PC. “PIC FOR MSN FRIENDS v1.1c” page even looks starkly similar to MSN Messenger login user interface and asking for Windows Live login credentials, completely with Terms and Conditions that ripping off: “By filling out this form, you authorize TST Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site. By using our service/website you hereby fully authorize TST Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us.” Worst, the T&C is automatically accepted by the fake “logging in”. Another good trick by the phishers is sites that check who blocked you which asks for login information. Another rule here is not DO NOT enter your password on any suspicious sites.
Fact about Spam IM from MSN Friends with Malicious Links
- If you do not click on the link, you are likely not infected and your password is likely not compromised.
- Even if you ‘accidentally’ visit these sites, do not panic. As mentioned, most of these malicious activity operates by the way of phishing, i.e. stealing your user ID and password. For this to happen, you have to enter on the web page. Beside, with the evolution of modern web browser, most web pages, even if contain exploits, are unlikely to infect your system, unless you never update your system, use out-of-date browser or it happens to be ‘zero-day exploit’.
- In most cases, when you receive such messages from your friend, it means that your friend MSN account has been hacked and compromised. It’s likely that your account is still intact, unless your friends receiving similar messages purportedly sent by you.
Resolution Steps to Remove or Clean the Windows Live Messenger MSN ‘Virus’
- If you feel uncomfortable, install latest version of anti-virus program with updated virus signature pattern file, and run a complete scan of your system. To make the system security check complete, install and scan also with anti-spyware product (such as ZoneAlarm Anti-Spyware, Ad-Aware and Spyware Doctor), and anti-malware solution (such as Malwarebytes).
- There are program that specializes in cleaning and removing MSN (Windows Live) Messenger viruses, such as Clean Virus MSN, MSNFix and MSNVirusRemoval. Install and run these programs to make sure that no virus or malware that target MSN Messenger or Windows Live Messenger exists.
- Last but MOST importantly, change your password. Or more accurately, ask your contact who spam you in MSN Messenger to change his or her password immediately. By changing the Windows Live account password, spammer’s bot no longer able to access login on your behalf to spam the contact list. To change the Windows Live MSN Messenger password, follow these steps:
- Go to https://account.live.com/.
- Login to your Windows Live ID (MSN Messenger user name).
- On “Account” page, click on Change under “Password reset information” section.
- Enter existing password and new password. Click Save when done.
If you can’t login to your account (unlikely as the messenger client uses the same password), follow these steps:
- Go to http://login.live.com/.
- Click on Forgot your password? link. If you are prompted with “Click a Windows Live ID to sign in” with your user name displayed, click on Sign in with a different account.
- Enter the MSN Windows Live email address, and type the characters captcha that appears in the Picture box, and click Continue.
- Click Send yourself a password reset e-mail message.
- Click Send Message.
- Click Done on the confirmation page.
- Login to the alternate email address that associated with the Windows Live account, and click on the link in the e-mail message to reset the password.
- On the “Confirm your e-mail address” page, type your e-mail address, and then click Continue.
- Type in new password and and then click Continue.
- Enter an alternate email address and click Continue or click Skip.
- Click Done when “You’ve changed your password” message is displayed.
Following is a long list of known URLs, link locations, and spam messages that been distributed all around the world. Some even smarter enough to send you another bye farewell message with :) smiley face.
http://www.LikeItLotz.com :-O (H)
http://LikeThatStuff.com/?user=username .. coool xD !!
http://SuperCoolz.com <3 ^^ http:>