How do I get rid of MSN: check out these awesome pics from the awesome party LOL

[patteo]

From time to time I would get a MSN message that goes somewhere along the line :

Irene said:
ireneslim check out these awesome pics from the awesome party LOL   http://patteo.abcdefgpr__ime-party-pics.com

Of course if I click the link, I will probably end up at a Malware site.

I asked my friend Irene whether she sent the link and she said no.

Then she remembered that she one day out of curiosity, clicked a similar link from a niece of hers and then after that I started receiving such messages from her MSN account.

She said she has scanned her computer thoroughly with avg but has not detected any malware.

Has anyone any clue on how my friend can get rid of what is obviously some infection somewhere ?

[Mary101]

I cannot veiw this link page.

[f0dder]

The problem is that your friend was probably stupid enough to fill in her MSN email-address and password, which the site says you have to do in order to view those "OMG AWESOME PARTY PICTURES!11! one one". When that is done, the "service" will from time to time log on with her msn account, fetch her contact list, and spam the pepole on the list.

Tell her to go to the MSN Live site (or whatever it's called) and change her MSN password - that's the only way to get rid of it. And educate her a bit about online security (AFAIK the sites don't install malware, or at least it's not the malware that's responsible for the spamming - my guess is the point of the crap is to drive traffic and gain advertisement money).

Oh yeah, btw, tell her to uggrade to firefox3 as well - that'll give her ""This web site at URL has been reported as a web forgery and has been blocked based on your security preferences." in the future.

[patteo]

I cannot veiw this link page.

-Mary101 (December 29, 2008, 10:30 PM)

That is not the actual link.

I changed it a bit so that no one actually gets to the "compromised" site by clicking on the link.

I wanted to know if someone has an answer to this problem - I'm not asking anyone to try the link.

[f0dder]

patteo: it doesn't matter that you changed the subdomain, the site has a catch-all so that anything.thatbadsite.com will go to their crapware - you better edit the URL some more, and make sure it's not hyperlinked here on the forum.

[patteo]

The problem is that your friend was probably stupid enough to fill in her MSN email-address and password, which the site says you have to do in order to view those "OMG AWESOME PARTY PICTURES!11! one one". When that is done, the "service" will from time to time log on with her msn account, fetch her contact list, and spam the pepole on the list.

Tell her to go to the MSN Live site (or whatever it's called) and change her MSN password - that's the only way to get rid of it. And educate her a bit about online security (AFAIK the sites don't install malware, or at least it's not the malware that's responsible for the spamming - my guess is the point of the crap is to drive traffic and gain advertisement money).

-f0dder (December 29, 2008, 10:35 PM)

She assured me she was not dumb enough to fill in her MSN email address and password, other than to click the link.

Anyway, she has gone to reset her password and if that does not solve it, I have asked her to go through the hassle of choosing a new MSN name.

[fenixproductions]

2patteo
Attached link leads to phishing site (PHISH/MSN.B as reported by Avira). I would advise your friend to change her MSN password ASAP because I think it could be compromized.

Edited: little too late...

[patteo]

patteo: it doesn't matter that you changed the subdomain, the site has a catch-all so that anything.thatbadsite.com will go to their crapware - you better edit the URL some more, and make sure it's not hyperlinked here on the forum.

-f0dder (December 29, 2008, 10:39 PM)

OK Done - changed. Thanks for the warning

[f0dder]

She assured me she was not dumb enough to fill in her MSN email address and password, other than to click the link.

-patteo (December 29, 2008, 10:40 PM)

I would probably have been too embarrassed to admit having done so myself... but that's the way it works. That is, unless they've started feeding you malware that simply has the purpose of grabbing your msn login information - which would only work if you have auto-login enabled. And I somehow doubt that, since there would be much more interesting malware you could drop on the user's box then

Tell her that everybody makes mistakes, but that she should never again disclose any kind of login information except at official sites... and that an official site will never send emails asking for login information... and get her to use FireFox3 + AdblockPlus. Then she'll be in a lot safer world.

[patteo]

She assured me she was not dumb enough to fill in her MSN email address and password, other than to click the link.

-patteo (December 29, 2008, 10:40 PM)

I would probably have been too embarrassed to admit having done so myself... but that's the way it works. That is, unless they've started feeding you malware that simply has the purpose of grabbing your msn login information - which would only work if you have auto-login enabled. And I somehow doubt that, since there would be much more interesting malware you could drop on the user's box then

Tell her that everybody makes mistakes, but that she should never again disclose any kind of login information except at official sites... and that an official site will never send emails asking for login information... and get her to use FireFox3 + AdblockPlus. Then she'll be in a lot safer world.

-f0dder (December 29, 2008, 10:47 PM)

Thanks:
She uses only Internet Explorer 7.

She is like most people who will not take the trouble to switch to Firefox ie, they ain't the Early Adopters type.

I suspect, many of us on Donationcoder.com would be on Firefox, with Noscript, Adblock Plus etc.

[f0dder]

Well, try nudging her in the right direction anyway, telling her that it'll reduce the risk of getting infected or scammed in the future

[app103]

From my quick research on that original url (the essential part before you changed it), f0dder is absolutely right. There are only a few results (non-english) and the only one that seems to suggest anything as a solution says to just change the MSN password.

http://translate.goo...sta.org%2F%3Fp%3D214


No matter what browser she uses, it won't protect her from doing something stupid like entering her username/pass where she shouldn't even be.

The best antivirus is common sense. Educate her and you'll be providing her with a free upgrade. 


btw, I don't use Adblock Plus...I prefer Ad Muncher, since it works with any browser and any application, not just one browser or only browsers. It works with Firefox, IE, Chrome, K-Meleon, Opera, Sleipnir, AOL, Maxthon, and even browsers you never heard of, including whatever browser that might be released tomorrow morning or even a home brewed browser. It even removes ads from MSN, AIM, Yahoo widgets, Yahoo messenger, RSS readers, etc. It's a full system ad blocker. While it does not require the Firefox extension to block ads, it is required if you want the ability to use the Firefox context menu to add a page as an exclusion (otherwise you have to enter it manually from the main application window). Works great with IE and the context menu entries are already there by default, once Ad Muncher is installed.

If she insists on using IE, I would suggest she get Ad Muncher AND either McAfee Site Advisor or WOT (Web Of Trust).

[Hirudin]

I consider myself a pretty big computer nerd, and I fell for some Phishing recently... I think.

As a dabbler in several web services I had a Blockbuster Online (BBO) account for a while. One way or another I decided it didn't fit my needs so I canceled it and started up with Netflix again. Well low* and behold I get this e-mail that says something along the lines of "Sign back up with Blockbuster Online and we'll send you $25 to your PayPal account!" I'm 90% sure Blockbuster has actually run promotions like this before, so I didn't think much of it. I was on the fence as to whether I wanted to sign up again so I kept the message.

Well, somehow I remembered the expiration date of the promotion. On the last day I decided to give it a shot. I opened up the e-mail and clicked on the link. I've had Thunderbird warn me of "suspicious" web links, but I'm not sure if that feature was implemented in the version I was using. One way or another, no "hey dummy, this isn't the address you think it is" message popped up. I proceeded to enter my username and password (actually KeePass did) and I clicked the "sign me back up" button.

About 3 minutes later I realized that I didn't actually check the link. When I did check it, I noticed it went to some strange URL (I don't remember what it was). I immediately changed my PayPal password (KeePass' password generator is great) and my BBO password. Then I sent a message to BBO inquiring as to whether it was a legitimate promotion or not, to which I received a canned, unhelpful response.

Anyway, sorry to go off topic... I just figured that I'd try to ease the shame of being phished a little. Show your friend all my nerdy posts if you want .

Thanks to the non-helpful BBO e-mail response I'm not even sure it wasn't a real promotion. I did some searching and all I could find was a person from around a year earlier with a similar e-mail, that linked to the exact same domain, that was also wondering about the legitimacy of the whole thing. I was using Firefox at the time, I was pretty disappointed the big, red warning didn't pop up alerting me I was about to do something stupid.

*I have a feeling that's not the correct spelling of "low"

[f0dder]

No matter what browser she uses, it won't protect her from doing something stupid like entering her username/pass where she shouldn't even be.

-app103 (December 29, 2008, 11:28 PM)

FF3 will warn against (already identified) phishing sites, though...

Personally I prefer the FF3/AdBlockPlus to admuncher. Admuncher is payware, does winsock hooking (which might work fine, but isn't my cup of tea), and I only need adblocking in my browser anyway. YMMV , but FF3+ABP is a really fine combination.

[tomos]

*I have a feeling that's not the correct spelling of "low"

-Hirudin (December 30, 2008, 02:33 AM)

I think it's "Lo" but I couldnt tell you  why :-)

EDIT/ we're talking about the expression "Lo and behold!"