Recently, we discovered an increase in spam and phishing sites related to the MSN Messenger or rather the Windows Live Messenger. There is a new wave of spam with fake friend requests and fake sites with shady services to uncover possible disloyal messenger friends.
The e-mails flooding into our systems lure the recipients with subject lines like:
The list of different names is very long. The included links, as far as the referral sites are still active, all lead to a software selling site with a Russian TLD: buy-softwarestore.ru
Using a generic test account ("Michael") to try out these services returned disappointing results, as expected. The “who-blocked-you” service was not able to identify that, from the two contacts on Michael’s list, one actually blocked him and one did not. The names were both listed.
And the “who-deleted-you” service did not even post any information about contacts – it just asked the user to wait until the page was completely loaded. Well, it was loaded immediately and nothing else happened.
But, even several hours later, none of the used services logged into Michael’s account, yet. Should it be true, that they do not save or use any credentials for anything else than the contact list checks? We will see. But probably, Michael’s account is not interesting enough, with only two contacts.