Shoutbox

Live Messenger Plus update mail contains Trojan [mess.be post] - Printable Version

Live Messenger Plus update mail contains Trojan [mess.be post] by NiteMare on 10-15-2008 at 07:06 PM

quote:
Originally posted by mess.be
An e-mail is being spammed around inviting users to download an updated version of Live Messenger Plus, supposedly an application which protects the user against a virus that spams instant messages to online contacts. Not to be confused with Messenger Plus! Live, this is actually a non-existent piece of software but a Trojan recognised by antivirus vendors as Mal_Banker (TrendMicro), Trojan.Downloader.Banker.BS (BitDefender) or W32/Banload.A.gen!Eldorado (F-Prot) to name a few.

Websense Security Labs, who discovered the attack yesterday, issued an alert with the following details:

The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to msn.com.br. A browser then opens pointing to this site. The downloader first contacts hxxp://*snip*ario.com/games_06.jpg, and then hxxp://*snip*ario.com/games_04.jpg, adding the two files to the root of C:

A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware. Details on other malicious applications targeting this security software can be found in our previous blog on G-Buster Browser Defence. The malware then goes on to conduct information-stealing activities.
>> More details (and a screenshot) at Websense.

Seeing how the name is so close to Messenger Plus! Live, I thought I'd post this here to avoid mass posting about it in the future from confused people.

RE: Live Messenger Plus update mail contains Trojan [mess.be post] by joey on 10-15-2008 at 07:37 PM

that seems pretty clever to me ;p

gj on telling everyone btw.


RE: Live Messenger Plus update mail contains Trojan [mess.be post] by albert on 10-16-2008 at 02:27 AM

Are these links actually safe?


RE: Live Messenger Plus update mail contains Trojan [mess.be post] by NiteMare on 10-16-2008 at 02:33 AM

quote:
Originally posted by albert
Are these links actually safe?

I would assume no, but those links in the post are not the real links