Apr 30 2008
Phishing Sites Exploit MSN Messenger Users
![[Bloglines]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/bloglines.png)
![[del.icio.us]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/digg.png)
![[Facebook]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/facebook.png)
![[Furl]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/furl.png)
![[Google]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/google.png)
![[Ma.gnolia]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/magnolia.png)
![[MySpace]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/myspace.png)
![[Newsvine]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/newsvine.png)
![[Reddit]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/reddit.png)
![[Sphere]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/sphere.png)
![[StumbleUpon]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/stumbleupon.png)
![[Technorati]](http://www.yeasir.com/blog/wp-content/plugins/bookmarkify/technorati.png)
Just confirmed with an MSN buddy that he’s ‘infected with’ a new MSN link-sharing ‘virus’. As a matter of fact, I myself was fooled by this very thing a couple of weeks ago when I got a message from a close friend on MSN that contained a link to ‘her personal page’.
The message ran as follows:
“hii.. check out this.. http://real.amazing-stuff.info .. brb he!!”
Since this was from my close friend, and she’s immediately offline when I got these, I guessed s might be in a hurry and hoped to connect with me using some social network, so I clicked on the link and it brought me to a web page that required me to sign in using my MSN user name and password. The page had detailed service terms and ‘report abuse’ email and told me:
We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
Again, since it’s ‘recommended’ by my close friend, I logged in and set up some personal page there. But since it was not very attractive, I logged off and never went there again afterwards. But my user name and password were already stolen!
I realized this on the second day when my MSN messenger automatically logged off saying another user had logged in. This is the ONE security feature of MSN messenger I love. (Skype wouldn’t prompt you anything like this when a thousand other users logged into your account and eavesdropped on your chats!) Then I changed my password. I suspect the hacker site used my credential to send similar links to all my contacts that day.
However, if not today another victim sent me a message (also when he’s offline!) as follows, I wouldn’t associate these things together:
“http://username.very.c0o0lthing.info”
I immediately sent a message back to him asking if he knew about this. When he was back online he confirmed that it was some kind of ‘virus’ he got from other MSN users.
Technically speaking, this is not a virus, but phishing. Phishing sites fake other sites to steal your personal information and use them to access your accounts such as email, PayPal or Moneybookers accounts.
In this very case, the hidden criminals’ true intention is not using your email account to spread their links. Since many people use the same password for their email and other accounts such as PayPal, they could easily obtain your private financial information.
If you experienced a similar situation recently:
- make sure you post a status message in your MSN messenger warning all contacts not to click on any links you send out before verification;
- change your MSN password immediately and change the password of other accounts that share the same password.
- help to spread the warning by blogging about it, digging this and other related articles to fight against further phishing attempts.
The phishing site page looks like the following:
The site claims to be TST Management Inc. And here are three domain names they used (They probably use tons of other domains for such purposes) and related information:
1. pr0filepix.info
Domain ID:D24638073-LRMS
Domain Name:PR0FILEPIX.INFO
Created On:29-Apr-2008 12:16:31 UTC
Last Updated On:29-Apr-2008 12:54:46 UTC
Expiration Date:29-Apr-2009 12:16:31 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:d5574c1883d
Registrant Name:Mark Bradley
Registrant Organization:TST Management, Inc
Registrant Street1:edificio Magna Corp - 5th Floo
Registrant City:PANAMA
Registrant State/Province:PANAMA
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+1.2021577
Server IP: 210.56.53.224
Hong Kong - Dedicated Internet Access (sunhk Datacenter)
Registrant Search: “TST Management, Inc” owns about 85 other domains
2. 1FP9.INFO
Domain ID:D18304546-LRMS
Domain Name:1FP9.INFO
Created On:07-Jun-2007 10:10:35 UTC
Last Updated On:21-Apr-2008 12:59:51 UTC
Expiration Date:07-Jun-2008 10:10:35 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:OK
Registrant ID:90f98cddfd4
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Server IP: 216.52.184.243
Washington - Redmond - Enom
3. c0o0lthing.info
Domain ID:D24611209-LRMS
Domain Name:C0O0LTHING.INFO
Created On:27-Apr-2008 15:25:13 UTC
Last Updated On:27-Apr-2008 15:25:26 UTC
Expiration Date:27-Apr-2009 15:25:13 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:999AD5DB09046351
Registrant Name:Peter Call
Registrant Organization:Blue China Group, Ltd
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:Investment Bldg.,
Registrant Street3:48-62 Hennessy Road
Registrant City:Wanchai
Registrant State/Province:HK
Registrant Postal Code:0000
Registrant Country:HK
Registrant Phone:+852.94230671
Server IP: 65.39.175.61
Quebec - Montreal - Qitx Inc
Registrant Search: “Blue China Group, Ltd” owns about 1,669 other domains
*UPDATE*
Thanks to all visitors who provided further phishing addresses as follows (also see comments). I believe we can dig out all those bad urls soon ;):
“adp0int.info”
“real.awesome-stuff.info”
“cache2.imagehosters.info”
“h0st3d.on.prof1lepix.info”
“save.p1ctures.info”
“fr1endp1cs.info”
“username.get.n1ce4ds.info”
“username.likes.ch33se.info”
“down.l0ader.info”
“was.d1ssed.info”
“arm18618.this.are.the.fri3ndp1x.info”
“ch3k3r.info”
“ch3ck3r.info”
“username.the.great-th1ng.info”
“username.partyp1x.info”
“username.1ik5.info”
“username.found.some.c0o0ol5tuff.info”
“username.awes0me.info”
“fileho5t.info”
“m33tpoint.info”
“checkdiz.info”
“snapsh0t.info”
“ther1ng.info”
“greatblockier.info”
“blockierteplatz.info”
“t0nez.info”
“c0mpics.info”
“jumphost.info”
“flatl1ne.info”
“g4ng.info”
“b4ng.info”
“h0stp1cs.info”
If you know any other phishing urls of this MSN messenger scam, please leave a voice or video comment below. (The text comment function crashed my database and many comments got lost.) I’ll update this post.
*UPDATE-1*
Eric translated part of this post into German. If you are not comfortable with English and would like to read German, please visit: http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1014.trak for the German version. Translation into other languages is also welcomed. Please link back to this article and let me know your post address and I’ll add it to this list. Thanks for your help!
*UPDATE-2*
Interesting registrant name of one of its domains (see below):
Domain ID:D24997781-LRMS
Domain Name:THER1NG.INFO
Created On:30-May-2008 14:57:47 UTC
Last Updated On:31-May-2008 10:02:05 UTC
Expiration Date:30-May-2009 14:57:47 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:47429cff5a9
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Edificio Magna Corp. 5th Floor
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
//-->
Related Stories:
74 Responses to “Phishing Sites Exploit MSN Messenger Users”
Hi! I have the same problem, I was stupid and logged in…can this be fixed by changing the .NET password, or is there any other way to fix this?
Jianjun reply on May 3rd, 2008 7:36 am:
Hi Lea,
You need to change your .NET password immediately. If this password is shared with other services. Immediately change all those passwords too.
Zapnl reply on June 1st, 2008 6:13 pm:
link i got from someone in the USA, new mexico:
username.bl1ng.info
(I’m in the Netherlands, btw, so it has spread far, i guess)
It’s awful! Lately I visited my closed friend’s blog & want to leave a short comment. Guess what? There got a new comment within a links. I clicked it with no doubt. It came out some kind of Hack program the “online visitor” get high. Just a second from 2 up to 20. I close the file immediately. Later I told my friend ask to del that comment. Thanks God there were no harm cause by that.
Jianjun reply on May 3rd, 2008 12:30 pm:
Randy,
If your friend runs WordPress, tell him/her to enable moderation and install a plug-in called Akismet, which is a SPAM comment filter. Besides this, disabling the Ping function may also help.
I check every URL in each comment on my post. If in doubt, I simply delete the comment or the URL.
I guess this will help ensure more security for my readers and myself.
BTW, I just added 輪遞的空間 to my links.
Jianjun
Randy reply on May 3rd, 2008 7:08 pm:
Thanks I got it. Thanks again for your links.
Thank you for the info. I got very close to being infected myself. My friend sent me this link
“usernamehere.found.some.c0o0ol5tuff.info ” (Don’t click guys, seriously)
Being suspicious, i tried to look it up but accidentally clicked it. I managed to push the back button before anything could load and luckily nothing happened. I was worried that it was a virus, and if anything happens, I’ll be on the lookout.
Thanks again.
Some more dangerous URLs:
adp0int.info
real.awesome-stuff.info
cache2.imagehosters.info
Other URL’s I got from a friend:
h0st3d.on.prof1lepix.info
save.p1ctures.info
adp0int.info
All of these were sent prefixed with the user’s msn name.
Obviously, you’d want to block the top-level domains “prof1lepix.info”, “p1ctures.info” etc.
One more MSN phishing URL:
username.get.n1ce4ds.info
Thanks for a good article.
Don’t click the following link which appears one Google 1º result page, searching “TST Management, Inc.”
Clicking on it, it asks my firewall to accept opening some .exe file:
“MSN E-Mail ] [ MSN Password ] - By logging in you accept the Terms …
Terms of Use / Privacy Policy: By filling out this form, you authorize TST Management, Inc to spread the word about this 100% real and upcomming Messenger …
arm18618.this.are.the.fri3ndp1x.info/ - 6k - Cached - Similar pages”
I just got this one:
username.likes.ch33se.info
I got this one:
jemimus.was.d1ssed.info/
one of my contacts got this from me
tescarim@ch3k3r.info
and this one : username.ch3ck3r.info
jianjun thanks for the information!
i got this virus to, so what we can do? I already change my password, so my friends gonna stop to receive the link?
can make disaster in ours computers?
I got this two
username.pr0filepix.info (dont open!!!)
and
username.the.great-th1ng.info (dont open)
again thanks
I have gotten the virus or trojan from MSN instant messanger , does any one know how to get rid of this ? I have changed my pass words to all my accounts but is there some thing else I can do ?
Hi Jianjun,
another domain is called:
username.partyp1x.info
Received an im right a few seconds ago.
Thx and best wishes,
Eric
jianjun thanks for the information!
my wife got this.
her messenger sent it to me and i instantly knew what it was.
my wife is falling for im worms alot.
here is another one.
username.1ik5.info
an interesting thing here.
one of the pages it sent to her to open was a page to put in her phone number.
she did and now all her pre-paid credit is gone, it keeps spamming her phone with premium sms charges.
thx @jianjun….I got this like @eric write…with party1…etc.
And also I was login in….I am stupid…
My friend send me your link and I read what you write….THANK YOU again !!!…
I change pass for MSN….but I don`t have PayPal or any kind of account with money…
If I see another link I will write here….
Rgd !!!
Thanks Jianjun,
I’m french so forgive me for my spelling mistake please.
I’ve been infected yesterday by the link: username.partyp1x.info (dont try it !!)
I’ve immediately changed my different passwords.
But today I realized that I lost 10 Go of music in my documents..I would like to know if the virus is responsable of that? I guess it’s impossible to have the music again isn’t it?
I gonna install Bitdefender to eliminate this virus, does it the best antivirus?
Thanks.
Here’s another one:
username.awes0me.info
It’s also registered with TST Management. The same person also.
She also sent me one at:
username.found.some.c0o0ol5tuff.info
Which was mentioned by someone else above, but doesn’t seem to have been added to your list.
Thanks for the info! I had her do a virus scan, but it sounds like that wouldn’t have helped. She’s changing her password.
People will appreciate it if you could post any further information about this phishing attempt - any new domains they used or other tricks they employed. Please just leave a comment here and I’ll continue to update the post.
Thank you.
Jianjun
hey, I got phished as well as i told a few days ago.
I changed msn password and no other one cause all the others are different. anyway, today one of my friend told me again that he received this message from me. what else could i change or can i do? i don’t want to quit this account cause i dont want to create another
Jianjun reply on May 25th, 2008 6:47 am:
If you changed password, the phishing site can’t access your MSN account.
Maybe your friend received a delayed offline message from several days ago when the phishing site sent it out.
So there’s no need to worry. Make sure your new password is strong enough by adding *#$ and numbers.
Eric reply on May 25th, 2008 5:14 pm:
Just a tiny addition for all of you how to select a strong, easy to remember, effective and secure password (even for so called “brute-force-attacks”):
1) Look out for a sentence you like most (a sentence or a title of a poem, film- or music-title etc.) - let’s say, you use:
“Indiana Jones and the Kingdom of the Crystal Skull”
2) Now use the first (or last) letter of each word: “IJatKotCS” (in this case it’s the first letter).
3) Select a special char like Jianjun wrote *#$_ and put it right behind the letters. Your password’s now e.g.: “IJatKotCS#”
4) Finally you look for a number you like best - the number of DVDs you own, the age of your girl-/boy-friend, the age of your pet etc. - let’s say you use 34 and put this at the end of your password.
Then you got your final password:
IJatKotCS#34
Believe me - this password will be hard to be cracked and you will always remember it, since only you know the meaning…
Hi Jianjun - just wrote a blogentry to this item in German to ensure German readers to be aware of this - I even integrated the link to your post.
Here’s my permalink:
http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1014.entry
Would be great if you could add this to your trackbacks…?
Thx and best wishes,
Eric
Fyi, a user let me know about a new domain:
fileho5t.info
Best wishes,
Eric
Sorry, Jianjun, for leaving these many comments but there’s another one:
m33tpoint.info
Maybe you put these in your list and delete my posts or combine them in one.
Thx and best wishes,
Eric
Jianjun reply on May 25th, 2008 7:31 pm:
Hi Eric,
Thanks for the feedback and that password tip. I believe visitors will find it rather useful. Your translation of this post into German certainly will help more people who don’t read English. I appreciate the effort!!
I disabled trackbacks outside my own domain to prevent some automated spam. There are so many of them these days.
Have a nice weekend!
Jianjun
First, thanks for all those useful informations about this phishing virus, and i’ll add one domain to this list;
checkdiz.info
Best regards,
B.
Hi there
i got same case with you guys(also my close fd)
however, when i click on the site, it juz doesn’t work
juz couldn’t open it, (for serval times she sent me the link and i couldn’t open it, so i ask my fds, if you wanna bulid up a site, i can help you, coz i know her doesn’t have any idea how to bulid it up)
i didn’t login at all, not like Jianjun
so, am i infected as well?
but i found out someone login to my a/c recently
Jianjun reply on May 26th, 2008 4:22 pm:
Nicole
If your account was logged in by other people, you should change password anyway, although it was probably not by this particular phishing site.
Nicole reply on May 26th, 2008 5:38 pm:
Hi, Jianjun
I juz wondering who did this stupid thing,
(i was thinking would this is issue were generated by some programmes, but today i found it shouldn’t be a programme issue, so, =]..
I just wanna make sure whether is programme or my other fds did it
but anyways, Thanks for your advise =]
Hi!
Just I got this:
julieplout.t0nez.info
from a friend I’ve to Tagged… It just need to be idiot to type its login and passwords on such a page!
username.t0nez.info
my sister got this:
username.t0nez.info
and then will be redirect to:
snapsh0t.info/indexxx.php
Hi Jianjun,
again a new domain:
- t0nez.info
Have a nice weekend and best wishes,
Eric
BTW…thx a lot for mentioning my blog in your update
Hy, I’ve found another…
username.ther1ng.info
A friend told me i’ve been sending out this:
Party Pics.. http://username.ther1ng.infoI remember getting sent it a while ago and clicking on it and nothing happening. I have NEVER inputed my user/password on any site, i would never do anything like that. Perhaps now simply visiting those sites is enough for them to phish you? Seems strange. Anyway, have now changed the password.
Alistair
Hi Juanjin,
a new variant of the phishing websites are coming up!!
These are the new domains:
- greatblockier.info
- blockierteplatz.info
I added a screenshot of the new variants of these phishing sites on my new blog-entry:
http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1022.entry
Thx and best wishes,
Eric
Additional information:
The Phishers are still using the same way - via the Windows Live Messengers and several users informed me about this.
Thx and best wiishes,
Eric
Hi, i’ve got a message from a friend with the link ****.ther1ng.info
after doing a whois I found out this domain is also owned by TST Management
Zuidel
I have experienced the same thing with you. My closed friend sent me the link and I thought the same thing as you and did submitted my login & password for accessing. As I see few pics after login then I know something wrong and I close that window. Then I go back the login page and see the disclaimer (man, is phisher!!!). I search for help and find your site (thank goodness). I follow your instruction and change my MSN .Net password immediately with new strong password. I am also deleting the temporary internet files, history and cookies. Now I am running my AVG Anti-Virus software.
However, I am still feeling uncomfortable on this. May I kindly ask you whether the phisher able to steal anything from notebook remotely? Whether he can gain access remotely to my notebook? Also if he will send similar spam link to my friend? I hope you can help me to answering all these questions with your kind reply. Thank you very much for your great help by providing a safer Internet environment. Keep it up the good work.
Jianjun reply on June 1st, 2008 6:20 am:
Hi Chris,
If your passwords were changed, the phishing guys couldn’t get access to your MSN account. So they couldn’t send offline messages to anybody using your account.
They *fear* that somebody will sue them, so they put up a Terms of Use like that to trick people. They ask you to give them the credentials *voluntarily* but if you changed those, they couldn’t access it anymore.
No I don’t think they can access your notebook remotely in anyway. But running a virus scan and setting up a firewall proactively will always be useful.
Good luck!
Chris reply on June 1st, 2008 7:40 am:
Hi Jianjun,
Many thanks for your prompt reply and great help. I hope that is the case. Anyway I have told that friend to start performing virus check and changing her passwords as I believe she did not realize that she has been victim until now. Just wonder if there is way we can stop these people and drive them out of business. Again, many thanks.
Jianjun reply on June 1st, 2008 8:23 am:
Chris,
This is something new on the Internet - a new form of phishing - they even display a Terms and Conditions which states they are not a phishing site. But they use your MSN friends’ usernames and passwords in the form of MSN offline messages making you believe they are from your friends. Why don’t they state clearly that these messages are sent by them and without even the notice of your friends? Isn’t this phishing?
Sometimes these links contain your friend’s MSN username in the url, giving you the impression that it is a personal social network page. Has your friend created that particular personal page under that address? My friends told me they didn’t. Then it’s still phishing - faking the real site (your friends’ personal pages) to *trick* you into establishing a trust with the site.
Their Terms and Conditions also has the following:
“This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.”
And it’s unlikely they use the real company name, people’s names, phone numbers or addresses in their domain registration. However, I believe one day these people will be brought to justice.
I am surprised that so many people enter there credentials. I hope they are not so reckless with bank accounts…
Anyway, it’s funny to see that these guys left there server status page open:
http://xxxx.ther1ng.info/server-status
Pretty amazing how much load/connections/traffic this server has.
Jianjun reply on June 1st, 2008 7:13 am:
Siglo
It’s interesting to see the server status of a phishing site. Is there a way to hack into it?
The ssh port is open, if can can guess an account the server is yours
No exploits found at the moment, the box is running linux, openssh 4.3 , vfstpd 2.0.5, lighthttpd 1.4.19
Computer name : localhost-3.local.
Ethernet addr : 00:02:2a:e0:72:d2 (nic vendor is Asound Electronic)
bl1ng.info also points to the phishing site…
bl1ng.info is also used now (you can see it on the status page)
I got almost hacked with it too, my girlfriend sent me a link on MSN with her username followed by bl1ng.info adress… she got hacked already.
But those idiots missed one thing in what are they doing…
Actually, EVERY of their sites has server status open. They will pay soon… Just let people know about their careless actions XD
I got some new ones
youtube.glx.nl/watchv/=LJTwgF9BSYk-youtube.com
myspace.6te.net/britneyspears
[Username].bl1ng.info
[Username].t0nez.info
Also another MSN virus/phishing
“this looks alot like you photos.hollosite.com/viewimage.php?=[Mail]
hey , it’s your image to see there believe yeah ? photos.hollosite.com/viewimage.php?=[Mail]
(The mail, that is being attached is one’s/the receivers msn mail)
username.b0unce.info is another one
…and a new one:
flatl1ne.info
Best wishes,
Eric
Btw… some of the pages are changing their “outfit” (screenshot on my site) and are now selling ringtones fopr tremendous prices.
I’m wondering why Funmobile.com (this is the service where the fishers are obviously affiliates) accepts these people…
Best wishes,
Eric
just got this from someone, it’s now on jumphost.info
Apparently there was a subdomain, so it almost looks real: “messenger_username.jumphost.info”
bleah.
I got this today, some of my brothers children got this viral stuff, or what you shall call it.
The site is lingesbo.jumphost.info in my case.
Got a scary scam also that wants you to enter your cell phone number. If you do, they send out a PIN code that you shall enter to
get “ONE ring tone signal for free”. The page is addressing young people. In Sweden it is very common that young people have their bill payed by their parents.
The scam is cunningly done, since IF you write the PIN, you agree that 7 USD shall be drawn on your bill EVERY WEEK! So they will scam you for 28 USD before you even see that the childrens bill has suddenly increased. And the parent yells at the child…sad.
The company is Hong Kong registered. funmobile.com but they got sites for every country. Like se.funmobile.com.
I did not enter the PIN code, I called the support number. And that guy there sent me a cancellation message. Two times. He got nervous. You could here that.
Hey friends,
My database crashed because there were so many comments last night. Some of the comments were lost.
It’s a pity that this happened but I think it’s advisable that I have to limit comment function. From now on, I suggest you use the video comment - you don’t need to show your face, just record your voice!!
In reply to a Chinese visitor: 这不是病毒,而是钓鱼。未透露用户名和密码给他人就应该是安全的。不过经常查毒也是应该做的。
username.c0mpics.info/login.php#terms
I got a question about this, is there an executable file inside the infected user’s pc? or if this infected users logs in any other computer starts sending this link?
Thanks for your support
Jianjun reply on June 5th, 2008 10:32 am:
Actually the same question has been answered many times above. Currently only your password and username would be stolen if you entered them. Otherwise, you should be safe. But a regular virus scan is always recommended.
i’ve got another 1: p1mped.info
i was also silly enough to click the link and entered my account and password. after that, my msn auto log off as it state my msn was signed in from another location.
i had only changed my password the next day, is it too late? is it QUARANTEED that after i change the password, my account and computer will be safe and there won’t be anymore sending of the link from my msn?
i’ve read all of the comments above, i felt alot better but i still feel insecure. sorry for the trouble but i really need your help.
thanks alot!
I just got one too, 我最討厭這些可惡的 Message…
g4ng.info
g4ng.info for today.
Hi
Got another one from a friend tonight: username.b4ng.info
I clicked on the link but when I saw the website I thought immediatly it was a crap phishing attempt.
And I didn’t enter my login and password cause I’ll never do such a stupid thing!!
I also put an alert on my MSN personnal message to prevent my other friends to click on weird links or enter their login/passwords anywhere.
Sorry for my bad english
My husband clicked on the link he saw from his MSN buddy but did not enter his MSN user name nor password… now he is infected and is sending a phish link to me. Is this phish site getting stronger and can steal passwords without you actually keying it in?
The domain is g4ng.info
today I get new link how can do it something wrong with you computer…(of course I don`t try it but somebody else try it
)
here is link imageshaack.org/img/Picture275.jpg?=mymailadress@hotmail.com
If you can put this link in black list…
Rgd !!!
been recieving various ones from my nephew for months, only thing is that he hasn’t had web access since last November.
so the only way to solve this is to go and delete my msn account and sign up for a new one.
and a question / comment. I keep seeing the word “infected”, however nothing that I have seen points to anything being infected with any kind of virus.
once the Phishing site has your login info, it’s too late to change your password, your contact list is already captured, that will stop them from going back in and looking for new info, but that’s kind of lilke closing the barn door after the horse ran off. all you can really do is to e-mail everyone in your contact list and warn them about the issue, remember knowlage is power. pass it on…..
the website url for this last one is: userxxxx.h0stp1cs.info
I’ve been playing with that server site, (thanks for that by the way) using NeoTracePro, and have come up with some intersting stuff, most of what I’ve found points to a server in Hong Kong, (Sun Networks) and what appears to be some kind of commercial site, with links to u-tube(??) some of you that are good at this sort of thing should check this out if you have NeoTrace or another similar app….
FIRST OF ALL - I wanted to say THANK YOU, Jianjun.
You are so kind, and big of a person to dedicate yourself for the sake of others. thank you.
now, I wanted to say that my History is completley deleted from my messnger. i think it’s from the virus.
and i was wondering, the is a question i didn’t see you answer to anyone, i hope you’ll have an answer for it now… the question is:
“my account and computer will be safe and there won’t be anymore sending of the link from my msn?” & “is it enough to change my password?”
and some others asked the same question… hope to hear from you.
Hope someone will be able to track them down soon, I wonder if anyone could just simply kick their butt by hacking this thing…