WinFixer spyware spreading in MSN / Windows Live Messenger ads - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: WinFixer spyware spreading in MSN / Windows Live Messenger ads (/showthread.php?tid=71866)
WinFixer spyware spreading in MSN / Windows Live Messenger ads by Menthix on 02-17-2007 at 09:10 PM
There was already news about this on mess.be yesterday. But although the ActiveX controls seem to be gone now, spyware is still spreading through Microsoft's banner network 
.
Whenever you see this banner in Messenger, do not click it, and if it launches any popups or warning, close them.
![[Image: the_PC-Secure_banner_spreading_WinFixer_spyware.gif]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/the_PC-Secure_banner_spreading_WinFixer_spyware.gif)
I saw that one today, here is what happens when you click it:
![[Image: WLM_Screenshot_3.png]](http://random.menthix.net/PC-Secure/WLM_Screenshot_3.png)
![[Image: screenshot3__site_after_banner_click.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot3__site_after_banner_click.png)
When downloading the file the virus scanner kicked in:
![[Image: screenshot4__virus_detected.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot4__virus_detected.png)
"Technical" details:
![[Image: screenshot5__msnmsgr.exe_HTTP_traffic_log.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot5__msnmsgr.exe_HTTP_traffic_log.png)
For those who don't know about WinFixer and its variants, read the Wikipedia WinFixer article. If you are infected by this, read http://www.spywareremove.com/removeWinFixer.html .
I wonder how many people that don't have a clue felt for it so far 
.
EDIT: Digg this http://digg.com/security/Microsoft_is_distributing_Winfixer_malware 
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Voldemort on 02-17-2007 at 09:14 PM
Dodgy microsft... let's see what they have to say....
i wonder what sandi will say on her blog
let's take wlm out of the mvp thingo
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Menthix on 02-17-2007 at 09:17 PM
quote:Same
Originally posted by Voldemort
wonder what sandi will say on her blog
. Mailed her yesterday, she said she was investigating it. Just mailed her again with more details.
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Nathan on 02-17-2007 at 09:32 PM
Link to sandi's blog please
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Nagamasa on 02-17-2007 at 11:33 PM
Coming to thinking of this, it suprises me how fragile certain Microsoft things are...perhaps they should get rid of advirstisements to 'avoid' that problem
Lets hope they cant hack into someone's display picture or anything else and advirtise something else (perhaps inappropriate), and that everything else is secure.
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Menthix on 02-18-2007 at 01:02 AM
quote:http://www.msmvps.com/blogs/spywaresucks/ but she hasn't posted anything about it yet.
Originally posted by Nathan
Link to sandi's blog please
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Voldemort on 02-18-2007 at 02:08 AM
quote:errrrrrrrr dodgy ads != backdoor or something...
Originally posted by Nagamasa
Lets hope they cant hack into someone's display picture
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Patchou on 02-18-2007 at 07:30 AM
Quick note, as we're in the subject: I trust all of you NOT to post anything "stupid" to comment Sandi's blog (or any other blog for that matter). I know most of you sometimes just want to protect Messenger Plus! but history has shown it's better to stay civilized.
I know most of you already know that and in this particular case, there's nothing against Messenger Plus! itself anyway (all the countrary if you read the latest posts). I just want to be sure everybody is crystal clear on that . So, if you post a comment anywhere and you mention Messenger Plus! or this forum, please act like gentlemen! (and demoiselles 
).
RE: RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by High Speed Chaser on 02-18-2007 at 07:33 AM
quote:
Originally posted by MenthiX
quote:http://www.msmvps.com/blogs/spywaresucks/ but she hasn't posted anything about it yet.
Originally posted by Nathan
Link to sandi's blog please
She has now
RE: WinFixer spyware spreading in MSN / Windows Live Messenger ads by Menthix on 02-18-2007 at 11:19 AM
http://digg.com/security/Microsoft_is_distributing_Winfixer_malware 