CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 18th, 2008

MSN Messenger Used As Lure In Another Malicious Spam Wave

Websense Labs is reporting a new malicious spam lure that uses the threat of a virus to persuade users to download a Trojan. The email claims that by downloading the application it links to, users can protect themselves against a virus that spams messages to a user’s contacts. The email offers an update to Live Messenger Plus, which is actually a Trojan (MD5: 5F1D2521F6949F8B71B9FF93C17A8BE2). The current antivirus detection rate is low.

The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction, a dialog box is displayed explaining that the user will be redirected to msn.com.br, and a browser then opens pointing to this site. The downloader first contacts http://*******.com/games_06.jpg, and then http://*******.com/games_04.jpg, adding the two files to the root of the C: drive.

A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against keyloggers and other malware. The malware then goes on to conduct information-stealing activities.
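
The host artifacts described above can be turned into a quick triage check. The following is an added example, not code from Websense or from this site: it looks in a drive root for the two dropped file names, the downloader name, the published MD5, and any autoexec.bat line naming GBPlugin. The keyword match and the choice of which files to hash are assumptions, and the scheduled task is not checked because the article gives no task name.

```python
import hashlib
from pathlib import Path

# Indicators quoted in the article.
TROJAN_MD5 = "5f1d2521f6949f8b71b9ff93c17a8be2"
DOWNLOADER_NAME = "dsc.scr"
DROPPED_NAMES = {"games_06.jpg", "games_04.jpg"}
# Assumption: the article does not quote the lines written to autoexec.bat,
# so any line that names GBPlugin is flagged for manual review.
AUTOEXEC_KEYWORD = "gbplugin"
# Assumption: only executable-looking files are hashed, to keep the scan cheap.
HASHED_SUFFIXES = {".scr", ".exe"}


def md5_of(path):
    """MD5 is used only because it is the hash the article publishes."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(drive_root):
    """Return (kind, detail) findings for files directly under drive_root."""
    findings = []
    for entry in sorted(Path(drive_root).iterdir(), key=lambda p: p.name.lower()):
        name = entry.name.lower()
        try:
            if not entry.is_file():
                continue
            if name in DROPPED_NAMES:
                findings.append(("dropped_payload", entry.name))
            if name == DOWNLOADER_NAME:
                findings.append(("downloader_name", entry.name))
            if entry.suffix.lower() in HASHED_SUFFIXES and md5_of(entry) == TROJAN_MD5:
                findings.append(("trojan_md5", entry.name))
            if name == "autoexec.bat":
                text = entry.read_text(errors="replace")
                for number, line in enumerate(text.splitlines(), 1):
                    if AUTOEXEC_KEYWORD in line.lower():
                        findings.append(("autoexec_gbplugin", f"line {number}: {line.strip()}"))
        except OSError:
            continue  # locked or unreadable file (e.g. pagefile.sys); skip it
    return findings


if __name__ == "__main__":
    for kind, detail in triage("C:/"):
        print(kind, detail)
```

A name match alone is weak evidence; treat each finding as a prompt to inspect the file and the machine's scheduled tasks by hand.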
