
Block-Checker
segosa
RE: Block-Checker
Its so-called "version check" when it starts is this:

code:
POST /version.html HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-us
Content-Length: 0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: www.block-checker.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Wed, 17 Aug 2005 15:51:18 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2005 00:00:51 GMT
ETag: "190107-b-34f0d2c0"
Accept-Ranges: bytes
Content-Length: 11
Content-Type: text/html
Age: 1
Connection: close

version 1.0


If you enter an address and click check, all it does is contact http://blockstatus.com/msn/stchecker with the appropriate POST variables filled in. Effectively ripping off their service.

Installs these files in C:\Program Files\Block Checker
code:
08/11/2005  04:50 PM           720,896 Block Checker.exe
08/10/2005  07:46 PM            49,152 block-checker.exe
08/10/2005  07:45 PM            28,672 csrss.exe
08/17/2005  05:51 PM             2,037 setup.log
08/11/2005  04:16 PM            16,384 setup_finish.exe
10/18/2003  05:58 PM            64,512 uninstall.exe
               6 File(s)        881,653 bytes

"Block Checker.exe" is the one which is the block checker, the others run in the background:

csrss.exe and block-checker.exe are executed at the end of installation. csrss.exe is the name of a critical Windows process, obviously why the file was named that.

setup_finish.exe (coded in VB) is the file which is executed at the end of installation and it executes csrss.exe and block-checker.exe. It also seems to attempt to delete "system.exe".

csrss.exe is written in VB too, and its purpose is simply to constantly scan the process list and make sure block-checker.exe is there. If it isn't, it will restart the exe.

And of course our lovely block-checker.exe's reason for running is to search for Yahoo, MSN and AIM conversation windows it can send the following messages to:

"Hey you can see who's blocking you on MSN! Download it now http://www.block-checker.com"
"Did you know you can find out who blocked you on MSN? Check it out, it's free http://www.block-checker.com"
"I know who's blocking me on MSN because I use http://www.block-checker.com"
"Did they block you too? Download a free MSN Block Checker http://www.block-checker.com"
"Find out who's blocking you on MSN, Download it free from http://www.block-checker.com"

"Find out who's blocking you on Yahoo, Download it free from http://www.block-checker.com"
"Did you know you can find out who blocked you on Yahoo? Check it out, it's free http://www.block-checker.com"
"I know who's blocking me on Yahoo because I use http://www.block-checker.com"
"Did they block you too? Download a free Yahoo Block Checker http://www.block-checker.com"
"Hey you can see who's blocking you on MSN! Download it now http://www.block-checker.com"

"Find out who's blocking you on AIM, Download it free from http://www.block-checker.com"
"Did you know you can find out who blocked you on AIM? Check it out, it's free http://www.block-checker.com"
"I know who's blocking me on AIM because I use http://www.block-checker.com"
"Did they block you too? Download a free AIM Block Checker http://www.block-checker.com"
"Hey you can see who's blocking you on AIM! Download it now http://www.block-checker.com"


The code has evidence that it also searches the process list for csrss.exe to keep it running, but I think their plan backfired as it will always find the legitimate Windows csrss.exe file.

To send messages to MSN Messenger conversation windows it searches for windows containing " - Conversation" and uses sendkeys to send the message.

It creates files "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" in the system directory which look like they include the people the message has already been sent to, in order not to resend it to anyone...

It adds itself to startup, of course, under HKLM with the name "block-checker" pointing to C:\Program Files\Block Checker\block-checker.exe.

@mwe99: well how the hell is your antivirus going to pick it up if THIS IS A NEW VIRUS? An antivirus can't detect what it doesn't know about.

This post was edited on 08-17-2005 at 04:21 PM by segosa.
The previous sentence is false. The following sentence is true.
08-17-2005 04:17 PM
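Added example, not part of segosa's post: a Python triage check that turns the host artifacts described above (a csrss.exe running outside the system directory, the "block-checker" startup entry, the exclusion_*.ini files) into findings. The snapshot layout, the field names (`processes`, `hklm_startup`, `files`) and the `C:\WINDOWS\system32` system directory are assumptions, and the sample data is constructed.

```python
import ntpath

# Indicators taken from the post above.
INSTALL_DIR = r"c:\program files\block checker"
STARTUP_NAME = "block-checker"
EXCLUSION_FILES = {"exclusion_aol.ini", "exclusion_msn.ini", "exclusion_yahoo.ini"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default Windows system directory


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path.strip('"')).lower()


def triage(snapshot):
    """Return sorted (kind, detail) findings for one host snapshot."""
    findings = set()
    for proc in snapshot["processes"]:
        folder, name = ntpath.split(norm(proc["image"]))
        # Masquerading: the real csrss.exe only runs from the system directory.
        if name == "csrss.exe" and folder != SYSTEM_DIR:
            findings.add(("masquerading_csrss", ntpath.join(folder, name)))
        if folder == INSTALL_DIR and name == "block-checker.exe":
            findings.add(("spammer_process", ntpath.join(folder, name)))
    for name, command in snapshot["hklm_startup"].items():
        # Match on the entry name or on a target inside the install directory.
        if name.lower() == STARTUP_NAME or norm(command).startswith(INSTALL_DIR + "\\"):
            findings.add(("startup_persistence", name))
    for path in snapshot["files"]:
        folder, name = ntpath.split(norm(path))
        if folder == SYSTEM_DIR and name in EXCLUSION_FILES:
            findings.add(("exclusion_list", name))
    return sorted(findings)


# Constructed sample snapshot (not captured from a real host).
SAMPLE = {
    "processes": [
        {"pid": 512, "image": r"C:\WINDOWS\system32\csrss.exe"},
        {"pid": 2140, "image": r"C:\Program Files\Block Checker\csrss.exe"},
        {"pid": 2188, "image": r"C:\Program Files\Block Checker\block-checker.exe"},
    ],
    "hklm_startup": {"block-checker": r"C:\Program Files\Block Checker\block-checker.exe"},
    "files": [r"C:\WINDOWS\system32\exclusion_MSN.ini", r"C:\WINDOWS\system32\notepad.exe"],
}

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```

The process check compares the full image path rather than the process name, which is the distinction the post points out the program's own watchdog logic missed.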