Recently, we discovered an increase in spam and phishing sites related to the MSN Messenger or rather the Windows Live Messenger. There is a new wave of spam with fake friend requests and fake sites with shady services to uncover possible disloyal messenger friends.
The e-mails flooding into our systems lure the recipients with subject lines like:
The list of different names is very long. The included links, as far as the referral sites are still active, all lead to a software selling site with a Russian TLD: buy-softwarestore.ru
This store is known to operate with various similar domains to attract customers with insanely cheap prices for high quality software products. It is, of course, not a good idea to leave any personal information or even credit card information on this site and to attempt to buy software.
In addition, the other observation we made refers to phishing sites which try to get IM user credentials by offering a kind of spy service. There are two different services on offer. By providing your account’s user name and password you may…
Using a generic test account ("Michael") to try out these services returned disappointing results, as expected. The “who-blocked-you” service was not able to identify that, from the two contacts on Michael’s list, one actually blocked him and one did not. The names were both listed.
And the “who-deleted-you” service did not even post any information about contacts – it just asked the user to wait until the page was completely loaded. Well, it was loaded immediately and nothing else happened.
But, even several hours later, none of the used services logged into Michael’s account, yet. Should it be true, that they do not save or use any credentials for anything else than the contact list checks? We will see. But probably, Michael’s account is not interesting enough, with only two contacts.