

CJ

join:2000-07-18
USA

 Windows Live Messenger Hijacked??

Ok, I have a bud that I talk to on messenger and within the past few days I have received messages from him that he says he has not sent.

I didn't record the first link he sent me, but the second one is as follows in its full context but link made so not to be live.

"hey check this.. h**p//very.c00l-stuff.com ..brb !!"

I clicked on the link, since it was from him and he is always showing me neat or funny things he finds.

I didn't notice anything happen, it just seemed like a blank site more or less.

Can someone with the knowledge look at that site and let me know if it is indeed just a place holder of sorts or if it is more nefarious?

TIA


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

There are hundreds (perhaps thousands) of such sites, and visiting one has likely joined you in a large SPAM Bot.

Your contact list is captured, and everyone on that list will start receiving similar messages supposedly from you.

Update your Antivirus, and disconnect from the internet. Scan thoroughly in Safe Mode, and again in Normal mode.
If you find out that is insufficient, head to the Security Cleanup Forum and do the pre-requisite steps at the top of the Forum.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



CJ

join:2000-07-18
USA

Well, I have scanned with AVG, AVIRA, SuperAntiSpyware, Adaware and came up with zilch.

That is why I would like someone with knowledge to look at the code of that site to see if I am missing something.

I feel pretty safe that my PC is clean, but reassurance is always nice.


Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw

reply to CJ
Check this: »www.google.ca/search?source=ig&h···ch&meta=

Better get over to the Security cleanup forum to make sure.
»Security Cleanup
--
A triple espresso, please...


Sindows 7

join:2006-09-13
Hope, BC
reply to CJ
»Windows Live Messenger Scam


CJ

join:2000-07-18
USA


reply to Its a Secret
said by Its a Secret:

Check this: »www.google.ca/search?source=ig&h···ch&meta=

Better get over to the Security cleanup forum to make sure.
»Security Cleanup

I ran Avira again, Spybot S&D, Adaware again, SuperAntiSpyware again, Trend Micro online scan, and all came up with nothing.

I really don't think I was infected with anything. I think it was more of an attempted exploit to gain control of my MSN by obtaining account info. I can tell you that as soon as I thought something was wrong I changed my passwords to all of my Hotmail accounts.

Sindows 7, I read your post and evidently they have changed the options from the beta to the released product. I cannot find the option anywhere that says to only allow one sign on at a time.

EDIT: I forgot to mention that all the scans were done following the instructions in the Security Cleanup forum, i.e. Safe Mode.


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

reply to CJ
You may well be fine.
There are, because MSN infectors morph so often, specialist tools used in these cases, as most AV and generalist anti-malware tools will not have the infectors in their databases.

What we really need to have is your friend to pay a visit to the Security Cleanup Forum for a checkup. The issue is complicated: the way these infectors work is by stealing your Contacts list, and spoofing the "from" Header. Since you are receiving messages supposedly from your friend, his computer most certainly needs to be reviewed.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



CJ

join:2000-07-18
USA

said by bcastner:

You may well be fine.
There are, because MSN infectors morph so often, specialist tools used in these cases, as most AV and generalist anti-malware tools will not have the infectors in their databases.

What we really need to have is your friend to pay a visit to the Security Cleanup Forum for a checkup. The issue is complicated: the way these infectors work is by stealing your Contacts list, and spoofing the "from" Header. Since you are receiving messages supposedly from your friend, his computer most certainly needs to be reviewed.

That was my thinking exactly. I'll see if I can convince him to do just that. I know he runs AV and firewall w/ router, but I don't think he uses safe browsing habits.


jeno

@bellsouth.net


reply to CJ
»linkscanner.explabs.com/linkscan···tuff.com

There was 1 threat found.
Stop DANGEROUS: LinkScanner Online has found
[MDAC ActiveX code execution (CVE-2006-0003)]
Detail: Exploit: MDAC ActiveX code execution (CVE-2006-0003)

This exploit penetrates a vulnerability in the Remote Data Services RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8. It allows remote attackers to execute arbitrary code via several attack vectors.

RDS was designed to allow users with ActiveX-enabled browsers, like Internet Explorer, to connect to database servers via a network, download datasets to their local machines, operate on the datasets and then update the results to the remote database server. Unfortunately, due to design flaws in RDS, it was discovered that it was possible to force the download and execution of program code via javascript manipulation of RDS objects, in this case the RDS.Dataspace object.

Addressed in Microsoft Security bulletin MS06-014, released 11 April, 2006, along with updates to the affected MDAC versions.

This is a very commonly used attack vector, often delivered via obfuscated javascript.

CVE-2006-1359
Risk Category: Exploit
Description: XPL's Intelligence Network has detected an exploit. An exploit is a piece of malware code that takes advantage of a vulnerability in a software application, usually the operating system or a web browser to infect a computer. Exploits usually target a computer by means of a drive-by download – the user has no idea that a download has even taken place. XPL recommends not visiting this web site regardless if your computer has been patched for the vulnerability.
Scanned:
Tuesday, April 22, 2008

Our Advice:

This page contains at least one exploit. You should not click on this link without appropriate anti-exploit protection on your PC.
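
Added example (not part of the post above or of the LinkScanner report): a small static check for saved page source that flags references to the RDS.Dataspace control even when the script hides the name behind the usual cheap obfuscation. The CLSID, the function names and the sample strings are supplied here as assumptions; none of them come from the thread, and the samples are constructed.

```python
import re
from urllib.parse import unquote

# Identifiers of the RDS.DataSpace control addressed by MS06-014. The object
# name appears in the report above; the CLSID is not on the page (assumption).
PROGID = "rds.dataspace"
CLSID = "bd96c556-65a3-11d0-983a-00c04fc29e36"

def normalize(text, max_rounds=3):
    """Undo simple obfuscation layers so plain substring checks can work."""
    for _ in range(max_rounds):
        before = text
        text = unquote(text)                                # %52%44%53 -> RDS
        text = re.sub(r"\\x([0-9a-fA-F]{2})",                # \x52 -> R
                      lambda m: chr(int(m.group(1), 16)), text)
        text = re.sub(r"""["']\s*\+\s*["']""", "", text)     # "RDS.Da"+"taSpace"
        if text == before:
            break
    return text.lower()

def find_rds_indicators(html):
    """Return the sorted names of RDS.DataSpace indicators found in a page."""
    flat = normalize(html)
    hits = set()
    if PROGID in flat:
        hits.add("progid")
    if CLSID in flat:
        hits.add("clsid")
    return sorted(hits)

# Constructed sample inputs (harmless strings, not taken from any real site).
SAMPLES = {
    "plain": '<object classid="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"></object>',
    "split": 'var n = "RDS.Da" + "taSp" + "ace"; use(n);',
    "escaped": 'document.write(unescape("%52%44%53%2E%44%61%74%61%53%70%61%63%65"));',
    "benign": "<p>Photos from the weekend</p>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(f"{name:8} -> {find_rds_indicators(page) or 'nothing found'}")
```

A clean result here only means this one control is not referenced in the saved source; it says nothing about other exploits a page may carry.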


CJ

join:2000-07-18
USA
Thank you Jeno. That was exactly what I wanted to know.


jeno

@bellsouth.net
You're most welcome, CJ