7/24/2007

Nasty IM Spam Sites Comin' at ya - UPDATE!

NOTE: It only took the DNS provider an hour or so to shut these bastards down. Good Riddance! I'm leaving the post up for educational purposes. Don't give out your Windows Live ID (Passport) or other credentials to any site unless you absolutely know who they are. In this case, you are getting a message from a trusted friend to go visit this site. That's social engineering.

UPDATE 7/28/2007: These guys are back with a new domain and a new provider, and now they have EVEN MORE "FAQ"-like stuff to try and convince you that they aren't "Phishing".
TRUST ME: THEY ARE:
http://www.messenger-tips.com/

Visit this site:
http://msnlive.bounceme.net/ (This domain was TURNED OFF by the DNS provider)

It tells you who deleted or blocked you from their MSN (Live) Messenger contacts.

BUT DO NOT LOG IN!

This is one of the best examples of social engineering I've seen in a while. It looks really professional, doesn't it? You are going to log in with your Windows Live Messenger credentials (your Passport account, essentially - are you SURE you want to do this?). It will give you a list of all your contacts from the very beginning, and whether they are blocked or not. They could be using DotMsn - this is easy to do. Fine. Unfortunately it doesn't stop there. It will proceed to message every account (from you!) telling them about itself. You have no idea what else it may do with your credentials. I repeat: you have no idea what they will do.

I quote from their site:
"Is it safe? Absolutely. Messenger-Tips.com does not save your mail address, your password or contact list. The data you enter is just used to retrieve the requested info and discarded immediately. If you still feel insecure change your password temporarily before using this tool."

It must be true, right? After all, you just read it on the Internet! GET REAL!

RECOMMENDATION: IF YOU DIDN'T LISTEN TO ME, CHANGE YOUR PASSWORD.

Thanks to my friend John Bailey for the heads-up on this one.

BTW, here are the people that run this little spam/scam deal:

Domain Name: MESSENGER-TIPS.COM
Registrant: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Creation Date: 02-Apr-2007 Expiration Date: 02-Apr-2008
Domain servers in listed order: ns2.ipnames.net ns1.ipnames.net
Administrative Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Technical Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Billing Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Status:ACTIVE