Nasty IM Spam Sites Comin' at ya - UPDATE!

NOTE: It only took the DNS provider an hour or so to shut these bastards down. Good Riddance! I'm leaving the post up for educational purposes. Don't give out your Windows Live ID (Passport) or other credentials to any site unless you absolutely know who they are. In this case, you are getting a message from a trusted friend to go visit this site. That's social engineering.

UPDATE 7/28/2007: These guys are back with a new domain and a new provider, and now they have EVEN MORE "FAQ" like stuff to try and convince you that they aren't "Phishing".
TRUST ME: THEY ARE:
http://www.messenger-tips.com/

Visit this site:
http://msnlive.bounceme.net/ (This domain was TURNED OFF by the DNS provider)




it tells you who deleted or blocked you from their MSN (Live) Messenger contacts.

BUT DO NOT LOG IN!

This is one of the best examples of social engineering I've seen in a while. It looks really professional doesn't it. You are going to log in with your Windows Live messenger credentials (your Passport account, essentially - are you SURE you want to do this?). It will give you a list of all your contacts from the very beginning, and whether they are blocked or not. They could be using DotMsn - this is easy to do. Fine. Unfortunately it doesn't stop there. It will proceed to message every account (from you!) telling them about itself. You have no idea what else it may do with your credentials. I repeat: you have no idea what they will do.

I quote from their site:
"Is it safe? Absolutely. Messenger-Tips.com does not save your mail address, your password or contact list. The data you enter is just used to retrieve the requested info and discarded immediately. If you still feel insecure change your password temporarily before using this tool. "

It must be true, right? After all, you just read it on the Internet! GET REAL!

RECOMMENDATION: IF YOU DIDN'T LISTEN TO ME, CHANGE YOUR PASSWORD.

Thanks to my friend John Bailey for the heads - up on this one.

BTW, here are the people that run this little spam /scam deal:

Domain Name: MESSENGER-TIPS.COM
Registrant: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Creation Date: 02-Apr-2007 Expiration Date: 02-Apr-2008
Domain servers in listed order: ns2.ipnames.net ns1.ipnames.net
Administrative Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Technical Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Billing Contact: Virtus Offshore Investment Co. Virtus Offshore Investment Co. (private@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. +507.2051616
Status:ACTIVE

Comments

  1. Anonymous2:49 PM

    Panama bastards!!

    ReplyDelete
  2. peterbromberg3:21 PM

    Umm, calm down, fanboy.

    ReplyDelete
  3. Anonymous7:57 PM

    Is it possible for you to turn off those stupid hover over images or they come with the blog, I can't click on a link without clicking 10 times on your blog because they get in the way of the mouse!!

    A fan of your blog.

    ReplyDelete
  4. Anonymous4:47 AM

    If a man comes to your front door and says he is conducting a survey And asks you to show him your bum, do not show him your bum. This is a scam. He only wants to see your bum. I wish I had got this yesterday. I feel so stupid and cheap. -The Bum http://www.widgetmate.com/posters Some of the best images available for free.

    ReplyDelete
  5. peterbromberg6:16 AM

    Anonymous:
    I have no "hover over" images here. You must be thinking about someplace else. Or, you've caught some malware!

    ReplyDelete
  6. peterbromberg6:18 AM

    Bum,
    Don't feel stupid and cheap - I suckered too, and it's because the social engineering made it come from your friends, whom you trust.

    Phishing filter didn't even work on this particular site.

    ReplyDelete
  7. Robbe Morris7:14 AM

    Yes, you do have the hover images and they are incredibly annoying.

    If you hold your mouse over a link long enough, it begins to trigger. It is the package you use to preview the page before the link is clicked.

    ReplyDelete
  8. Anonymous8:33 AM

    "Is it possible for you to turn off those stupid hover over images or they come with the blog, I can't click on a link without clicking 10 times on your blog because they get in the way of the mouse!!"

    I have the same issue, hover over to any link on your blog brings up a preview image of the link (it says 'powered by snap shots'
    http://www.snap.com/?source=petesbloggerama.blogspot.com&campaign=shot_bsblogo!!petesbloggerama.blogspot.com
    )
    That is really annoying as it would not allow you to click on the link.

    Note: I am on IE 6.

    Grewal.

    ReplyDelete
  9. peterbromberg9:06 AM

    Ah, now I know what you are talking about. Those image popups each have a url link at the top that you can click. However, if more people complain I'll take them out. I thought they were useful, but in the big scheme of things I really do not care. The reader is more important.

    ReplyDelete
  10. peterbromberg6:41 AM

    I took the "hover images" out. I'm convinced that any value they added was being more than offset by the annoyances.

    ReplyDelete
  11. Anonymous2:52 PM

    I was stupid enough to fall for this stupid scam... I changed my password, will it keep sending messages/spam to my contacts as me now?

    ReplyDelete
  12. peterbromberg2:57 PM

    No, because it would not be able to log in with the original credentials you provided.

    ReplyDelete
  13. Anonymous7:31 PM

    These people in Panama are also involved with a HYIP site. They have failed to pay me todate. Smartertrades is their name. Beware! HJM

    ReplyDelete
  14. peterbromberg7:36 PM

    Well! That doesn't surprise me at all. Go after them man! Shut them down. I'm sick of this el cheapo Internet Mafia bullshit. Peons!

    ReplyDelete
  15. Anonymous8:52 AM

    The whois address is the same as used by the RBN.

    ReplyDelete
  16. Anonymous8:54 AM

    IE6? You're visiting an avant-garde blog and you're running a M$ browser?

    ReplyDelete

Post a Comment

Popular posts from this blog

Some observations on Script Callbacks, "AJAX", "ATLAS" "AHAB" and where it's all going.

I've taken a more than cursory interest in the whole Remote Scripting (.NET species) vs. AJAX and now ATLAS discussion, mostly because I started using Remote Scripting since Microsoft first released it, and because I continued to refine it after seeing Brent Ashley's excellent work with JSRS, which was one of the first "real" cross-browser solutions back in 2000 (that's the turn of the Century for you history buffs). Now Bertrand Leroy, a Microsoft guy whose work I like , has authored some very interesting ASP.NET 2.0 script callback stuff that he points to on his blog, and he is obviously (at least, to me he is) involved quite heavily in the development of this new ATLAS infrastructure that they'll preview at PDC. Leroy's most recent post brings to the surface what I agree are the major differences between the "AJAX a - la .NET" approach as popularized by Michael Swartz with his AJAX.NET library, and Leroy's RefreshPanel, the ASP.NET 2.0 b
Read more

IE7 - Vista: "Internet Explorer has stopped Working"

Image
This one was a bitch. All of a sudden for no reason at all, out of the blue, I get this dialog "internet Explorer has stopped working". I didn't install any new software, crap- I didn't do anything! So here I am using FIREFART to go on the internet and find out what to do! Damn! Good thing I've got the sucker on the same machine (I'm not "anti-Firefox", i just don't use it that much except to check my page renderings). The Fix The fix (at least for me): 1) Go into Control Panel, and choose "Internet Options". 2) Under the "Advanced" tab, press the "RESET" button at the lower right: Don't ask me why this happens, or why the fix works. That's a BUG, D00D - I don't care how you slice it!
Read more

FIREFOX / IE Word-Wrap, Word-Break, TABLES FIX

One of the most annoying things a developer (who would normally delight in writing code, not futzing with markup) can have is getting rendering issues between different browsers. The two biggest players are of course Internet Exploder and Firefart (as I lovingly like to refer to each). In most cases that's going to take care of 98 percent of your total site traffic. IE has had a proprietary "word-break" style attribute for a long time, and this made it into the CSS 3.0 spec. But that doesn't necessarily help you with Firefox right now. Firefox literally - (and I consider this completely idiotic, since it's been in their bug database for FIVE YEARS) does not have a reliable CSS style element to force table cell content to break in the middle of a word in order to stop the content from expanding your table / div off the page or over other content on the page. Here's a partial fix, which will work for most tables and browsers. The style declaration (I call it m
Read more