There was already news about this on mess.be yesterday. But although the ActiveX controls seem to be gone now, spyware is still spreading through Microsoft's banner network
.
Whenever you see this banner in Messenger, do not click it, and if it launches any popups or warning, close them.
![[Image: the_PC-Secure_banner_spreading_WinFixer_spyware.gif]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/the_PC-Secure_banner_spreading_WinFixer_spyware.gif)
I saw that one today, here is what happens when you click it:
![[Image: WLM_Screenshot_3.png]](http://random.menthix.net/PC-Secure/WLM_Screenshot_3.png)
![[Image: screenshot3__site_after_banner_click.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot3__site_after_banner_click.png)
When downloading the file the virus scanner kicked in:
![[Image: screenshot4__virus_detected.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot4__virus_detected.png)
"Technical" details:
![[Image: screenshot5__msnmsgr.exe_HTTP_traffic_log.png]](http://random.menthix.net/MSN_Windows_Live_Messenger_spreading_WinFixer_spyware/screenshot5__msnmsgr.exe_HTTP_traffic_log.png)
For those who don't know about WinFixer and its variants, read
the Wikipedia WinFixer article. If you are infected by this, read
http://www.spywareremove.com/removeWinFixer.html .
I wonder how many people that don't have a clue felt for it so far
.
EDIT: Digg this
http://digg.com/security/Microsoft_is_distributing_Winfixer_malware 
/ 
