Recently I’ve noticed more and more people sending me offline messages to my Windows Live Messenger that contains only a link and nothing else. The weirdest part was some of the message came from contacts that were really old which I’ve removed from my list long ago. I noticed that most of the link uses .info generic top-level domain name and some of the letters are being replaced with numbers such as number 1 for letter L, number 5 for letter S and etc. The messages are being sent offline and the main page uses indexxx.php file.
Clicking on the link will bring me to a page with a webform that looks like the latest Windows Live Messenger asking me to login with my MSN to continue. It is a phishing site which is supposed to represent “100% real and upcoming Messenger Community Site” called PICS FOR MSN FRIENDS (v1.1c).
If you got such message from your friends, do not panic because both you and your friends are not being infected by MSN virus. Only your friend’s account has been compromised. Here’s what you should do when you receive such message.
First thing is to tell your friends to change their password. By doing that, the bots can no longer access your friend’s MSN account and spam their contact list.
To change or reset the password for your Windows Live Messenger account, follow these steps:
1. Go to http://login.live.com web page and then click Forgot Your Password.
2. Type in your MSN e-mail address, type the characters that appear in the Picture box, and then click Continue.
3. Click Send yourself a password reset e-mail message.
4. Click Send Message.
5. On the confirmation page, click Done.
6. Sign in to your e-mail account, and then click the link in the e-mail message to reset your password.
7. On the Confirm your e-mail address page, type your e-mail address, and then click Continue.
8. Type your new password two times, and then click Continue.
9. If you want to enter an “alternate” e-mail address, type the address two times, and then click Continue. If you do not want to enter an “alternate” e-mail address, click Skip.
10. When you receive the “You’ve changed your password” message, click Done.
Some examples of the links are the below but please DO NOT enter your MSN email and password! I’m sure there are a whole lot more, so be very careful not to simple enter your MSN login details.
username.bl1ng.info username.jumphost.info username.n1cestuff.info checkdiz.info username.awes0me.info username.ther1ng.info username.snapsh0t.info username.da-real-deal.info username.ch33se.info c0ol-th1ng.info imgeshack.info m0bil3.info imageloko.info imagedino.info imagealina.info hostapic.info holyimage.info imagrshak.info get-that-stuff.info coooool.info datsyou.com is-thatt-you.com is-dat-u.com thatzyou.com RealCoolThingz.com yoimgz.com partypartypics.info specialofferforu.info insanethingsforyou.com bakblu.com burnoutpeeps.com picsforparty.info nustuff4u.com my-prime-pics4u.com WOW USERNAME I found this great webpage that is giving away a free Best Buy Gift Card go sign up for yours before they are all gone http://username.colzop.com
If you know any other sites that is the same, please leave a comment so I can add it in the list. I am not sure if we can do anything to these websites because it does say that “By logging in you accept the Terms and Conditions”. The terms are “By filling out this form, you authorize TST Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site. By using our service/website you hereby fully authorize TST Management, Inc to send messages
of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information
you provide us.” What we can do is to be cautious and do not simply enter our login information to any websites.
Note: If you suspect that it might be a virus, try scanning your computer with free Kaspersky Virus Removal Tool or MSN Photo Virus Remover.