IMPORTANT! Strictly forbidden plug-in is spreading the net!
dafrizz
New Member
*


Posts: 1
Joined: Mar 2005
O.P. IMPORTANT! Strictly forbidden plug-in is spreading the net!
Dear staff member(s),

Recently a site named <removed> has started. This site contains an MSN-hijacking tool that is used by many people. Opening the site will result in an automessage saying the following:

Wanna be a MSN-hacker? So you can mess with al your friends? Go to <link removed>

This program violates a law that must be respected. That law is privacy violation and is STRICTLY forbidden. I had contact with MSN Netherlands, and they said the following [translated from Dutch to English]:

"Dear Frits,

The problem you have brought to us is ONLY possible to be active with any version of Messenger Plus! installed. We recommend you to get in contact with Patchou."

I e-mailed the internet host as well, called Planet Internet BV. [www.planet.nl] I'm still waiting for their reply. I did a little research and found out that the MSNFunMaker is an MSN Trojan 5.0/MSN Spider and that the .exe makes a file on the path it's put in named gmon.out. I tried to delete it, but no result came out of it.

What I want to reach with this forum post is that you, from MessengerPlus.NET/Patchou.com consider making a program against it, or perform legal steps against the site owner(s).

Sincerely,

Frits Mijnders
The Netherlands
dafrizz@gmail.com

This post was edited on 04-08-2005 at 05:00 PM by WDZ.
03-17-2005 07:29 PM
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
Frits, it's very good that you inform people about this. (y) 
WHOIS on the <removed> gives this address:

Registrant:
   Ab Decor
   Ijsselstraat 21
   Ijsselstein, Utrecht 3401DY
   NL

I checked this address with Routenet.nl (I'm also Dutch) and this address is fake :S. Same goes for the telephone number on the WHOIS page: 0573408448. The province of Utrecht, and IJsselstein for sure, has regional number 03(0) and not 057.

You're right that Planet.nl should remove this site from their servers as soon as possible, and I hope they will.

(The 'root' of the Planet.nl account picturecentre is hosted on shows this site: <link removed> which contains no info about the user..)

BTW.. I downloaded the installer exe but Norton doesn't detect it as a virus. I scanned the file with the online malware scanner and only 2 of the 12 scanners give a hit:
Kaspersky Anti-Virus  Trojan-Dropper.Win32.WinAD.d (1.02 seconds taken)
mks_vir  Trojan.Dropper.Winad.D (0.22 seconds taken)

This post was edited on 04-08-2005 at 05:00 PM by WDZ.
03-17-2005 08:00 PM
albert
Veteran Member
*****


Posts: 2247
Reputation: 42
– / Male / Flag
Joined: Feb 2005
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
dang that seems dangerous.. so if we get Plus! off are we sure to b okay?!
03-17-2005 08:22 PM
Yousef
Full Member
***

(previously known as Juzzi)

Posts: 487
Reputation: 19
35 / Male / Flag
Joined: Jul 2004
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
I don't see any way Messenger Plus has anything to do with this. Strange reply from MSN...

(btw, isn't this in the wrong forum?)
Developer of BuddyFuse: Google Talk, Twitter and Hyves in Windows Live Messenger
Ex-Microsoft intern and Windows Live Developer MVP in 2007 & 2008
03-17-2005 08:26 PM
L. Coyote
Senior Member
****

Captain Obvious

Posts: 981
Reputation: 49
38 / Male / Flag
Joined: Aug 2004
Status: Away
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
quote:
Originally posted by lp15
dang that seems dangerous.. so if we get Plus! off are we sure to b okay?!
Don't download that file on the web the guy is pointing at. That's how you are safe.

MsgPlus! has nothing to do with it.

Hack, hack, hack!
Finally became a Systems Analyst! :spam:

03-17-2005 08:36 PM
saralk
Veteran Member
*****


Posts: 2598
Reputation: 38
35 / Male / Flag
Joined: Feb 2003
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
It's probably a plugin for messenger plus!, and there is a disclaimer saying that messenger plus! plugins may cause dodgy behaviour (not in those exact words)

It's like blaming bropia on microsoft.
The Artist Formerly Known As saralk
London · New York · Paris
Est. 1989
03-17-2005 08:44 PM
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
Just to clear some things up:

What I understand from dafrizz and the <removed> site is that it's supposed to be a hacking tool which attacks people using Msgplus. I think this is not true and it's just a virus/trojan that installs itself and claims to be Msgplus.
If you read the readme of the tool it says you have to type commands like

"name(...)" where '...' should be the name you want your contact's name to change to.
These are no normal Msgplus commands... (which start with a '/').

@ lp15:
There is NO need to remove Plus. This is a virus/trojan, and it doesn't spread through MSN/Msgplus, so only if you download/execute it yourself it's a problem. Just don't run it and never accept anything like it from your contacts.

@ Juzzi:
Msgplus has nothing to do with it in the first place, but the 'hacking tool' claims to be a tool which attacks Msgplus users. I think Microsoft is just being naïve; this is just a MSN trojan which probably also works on MSN users without Msgplus.

This post was edited on 04-08-2005 at 05:00 PM by WDZ.
03-17-2005 08:44 PM
Vilkku
Veteran Member
*****


Posts: 1411
Reputation: 27
35 / Male / Flag
Joined: Mar 2003
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
I know a friend who uses this... :dodgy:
03-17-2005 08:48 PM
andrey
elite shoutboxer
****


Posts: 795
Reputation: 48
– / Male / Flag
Joined: Aug 2004
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
quote:
Originally posted by Vilkku
I know a friend who uses this...
And it works? :dodgy:
hm. I'll test that thing on my network tomorrow...

This post was edited on 03-17-2005 at 08:54 PM by andrey.
03-17-2005 08:51 PM
saralk
Veteran Member
*****


Posts: 2598
Reputation: 38
35 / Male / Flag
Joined: Feb 2003
RE: IMPORTANT! Strictly forbidden plug-in is spreading the net!
Me and ash tried it, but it didn't work.
The Artist Formerly Known As saralk
London · New York · Paris
Est. 1989
03-17-2005 08:52 PM