Raymond.CC Blog

Last year there was a lot of automated MSN messages that leads you to PICS FOR MSN FRIENDS phishing website. It has now died down but here’s a new wave of MSN phishing sites. Two days ago I received an email from an old friend which we have not kept touch for a few years. The subject of the email is “hi o_O?” which doesn’t look like I should suspect anything because I know that my friend likes to use these kind of winking emotions. After opening the email, here is what it says:

hiyaaa!
Howdyy? had a damn boring day today :s
whats up at your place?
Anyway, i can bet you’re going to smile after reading this… :P
It’s Easy, Secure and Free!
Try it Now, Click Here
Thanks

Upon clicking on the link, you will see a page with the title “You’re Blocked :: MSN Messenger Block Checker – MSN Messenger Stats Checker” that allows you to verify who blocked you on their msn contact list. Bu before you can use the free service, you’ll first need to enter your MSN login and password.

I know most of you probably won’t fall for this but some of you will. Most of the time people disclose their sensitive information to a phising site is because the link came from a trusted friend who also got phished in the first place. Secondly the website has a nice looking login screen where some people will automatically enter their username and password. It’s a common mistake when people are not careful enough.


I checked the HTML source code of the phishing site and found that no matter what login and password I enter, it will tell me “Wrong E-mail or Password”. Secondly, it has a javascript which does all capturing after you submit the form. For a person that is familiar with computers, he/she should know that there is no way to check who blocked you on MSN.

I am very sure that this email is not sent by my friend but rather it’s from a phisher which has already captured her MSN login and password. If you received such email, please inform your friend that her MSN login and password has been compromised. All they need to do is to change their password so that the phisher can no longer use that account to send spam emails.

To change or reset the password for your MSN account, follow these steps:
1. Go to http://login.live.com web page and then click Forgot Your Password.
2. Type in your MSN e-mail address, type the characters that appear in the Picture box, and then click Continue.
3. Click Send yourself a password reset e-mail message.
4. Click Send Message.
5. On the confirmation page, click Done.
6. Sign in to your e-mail account, and then click the link in the e-mail message to reset your password.
7. On the Confirm your e-mail address page, type your e-mail address, and then click Continue.
8. Type your new password two times, and then click Continue.
9. If you want to enter an “alternate” e-mail address, type the address two times, and then click Continue. If you do not want to enter an “alternate” e-mail address, click Skip.
10. When you receive the “You’ve changed your password” message, click Done.

I don’t think that the phisher would change your MSN password once they get your account information. It seems that the owner of the phishing site comes from China and recently I’ve gotten a lot of spam from them trying to get me to buy electronics, medicines, shoes and etc from them. So my guess is they are trying to harvest as many login as possible and then use it for spamming purposes.

Some examples of the links are the below but please DON’T enter your MSN email and password! I’m sure there are a whole lot more, so be very careful not to simple enter your MSN login details. If you got any, please leave a comment so I can add it to the list.

http://wbc2.great-friends-dont-block.com/?id=9r6&session=CMDUcT1EekeZlWYd-Qb8ropqFV2LzvKdrGNLkHCzbjU=

http://3crq.friends-circle-blocks-check.com/?id=TXg&session=9zJwltj–cQOKU6LpCLgXCig4YD0Gn0K-5S5wBjNWIA=

http://kspl.friends-circle-blocks-check.com/?id=8mM&session=W21H6vxwMB966Tn2XB0wzywRXlnEGl2Omz20D4zOpDU=