What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! General » Live Messenger Plus update mail contains Trojan [mess.be post]

Live Messenger Plus update mail contains Trojan [mess.be post]
Author: Message:
NiteMare
Veteran Member
*****

Avatar
Giga-Byte me

Posts: 2497
Reputation: 37
36 / Male / Flag
Joined: Aug 2003
O.P. Live Messenger Plus update mail contains Trojan [mess.be post]
quote:
Originally posted by mess.be
An e-mail is being spammed around inviting users to download an updated version of Live Messenger Plus, supposedly an application which protects the user against a virus that spams instant messages to online contacts. Not to be confused with Messenger Plus! Live, this is actually a non-existent piece of software but a Trojan recognised by antivirus vendors as Mal_Banker (TrendMicro), Trojan.Downloader.Banker.BS (BitDefender) or W32/Banload.A.gen!Eldorado (F-Prot) to name a few.

Websense Security Labs, who discovered the attack yesterday, issued an alert with the following details:

The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to msn.com.br. A browser then opens pointing to this site. The downloader first contacts hxxp://*snip*ario.com/games_06.jpg, and then hxxp://*snip*ario.com/games_04.jpg, adding the two files to the root of C:

A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware. Details on other malicious applications targeting this security software can be found in our previous blog on G-Buster Browser Defence. The malware then goes on to conduct information-stealing activities.
>> More details (and a screenshot) at Websense.

Seeing how the name is so close to Messenger Plus! Live, i thought i'd post this here to avoid mass posting about it in the future from confused people.
[Image: sig/]
I'll never forget what she said 6621 days, 8 hours, 25 minutes, 59 seconds ago
Need hosting? Check
out my website. we can help you out :)
10-15-2008 07:06 PM
Profile PM Web Find Quote Report
joey
Senior Member
****

Avatar
Epoc Faileur.

Posts: 734
Reputation: 26
33 / Other / Flag
Joined: Dec 2006
RE: Live Messenger Plus update mail contains Trojan [mess.be post]
that seems pretty clever to me ;p

gj on telling everyone btw.

Break my heart all you want, i'm on the NHS.
ever wondered what it's like to ejaculate through your ears...? ;o
10-15-2008 07:37 PM
Profile E-Mail PM Web Find Quote Report
albert
Veteran Member
*****

Avatar

Posts: 2247
Reputation: 42
– / Male / Flag
Joined: Feb 2005
RE: Live Messenger Plus update mail contains Trojan [mess.be post]
Are these links actually safe?
10-16-2008 02:27 AM
Profile E-Mail PM Web Find Quote Report
NiteMare
Veteran Member
*****

Avatar
Giga-Byte me

Posts: 2497
Reputation: 37
36 / Male / Flag
Joined: Aug 2003
O.P. RE: Live Messenger Plus update mail contains Trojan [mess.be post]
quote:
Originally posted by albert
Are these links actually safe?
i would assume no, but those links in the post are not the real links
[Image: sig/]
I'll never forget what she said 6621 days, 8 hours, 25 minutes, 59 seconds ago
Need hosting? Check
out my website. we can help you out :)
10-16-2008 02:33 AM
Profile PM Web Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On