
The end of MSN Messenger, the beginning of attacks

Fabio Assolini
Kaspersky Lab Expert
Posted March 19, 11:27  GMT
Tags: Instant Messengers, Microsoft

Microsoft recently announced the shutdown of its popular IM client MSN Messenger, which will be replaced by Skype, but its end marks the beginning of malicious attacks posing as the software's installer. Cybercriminals have already started to exploit the announcement: they register malicious domains and buy sponsored links on search engines to trick users into downloading and installing malware that masquerades as the MSN installer.

MSN Messenger is still very popular in several countries; Microsoft says the service has more than 100 million users worldwide, approximately 30.5 million of them in Brazil. As a staggered migration of all users is planned, it is getting harder to find the installer of the program, and this is the window of opportunity exploited by Brazilian cybercriminals aiming to infect users looking for the software.

In a simple Google search for "MSN messenger", the first result displayed is a sponsored link to a malicious domain distributing the fake installer, which is actually a Trojan banker:

The domain was registered with fake data:

If you visit the site, this is the content displayed:

And here is the download of the fake MSN installer:

Other malicious domains created with the same purpose, some of them already deactivated, are as follows:

baixarmsndownload.com.br
downloadmsnbaixar.com.br
msnmessengerlive.com.br

We believe this is the first of several expected attacks that use the end of MSN Messenger as bait.

As we approach April 8, the day chosen by Microsoft to permanently shut down the service (April 30th in Brazil), we advise all users to avoid looking for the MSN installer and to migrate their account(s) to Skype. The sooner the better, to avoid becoming victims of attacks like this.
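For defenders who want to spot this kind of lure in web proxy or DNS logs, the following sketch is an added example, not code from the original post or from Kaspersky Lab. It flags hostnames that combine the brand string with a download lure word, as the three domains listed above do. The allow-list, the log format and the sample log lines are assumptions constructed for illustration.

```python
# Brand and lure substrings are taken from the domains listed in the article.
# ALLOWED_SUFFIXES and the log layout are assumptions made for this example.
BRAND = ("msn",)
LURES = ("baixar", "download", "messenger", "instalar")
ALLOWED_SUFFIXES = ("msn.com", "microsoft.com", "live.com", "skype.com")

# Constructed sample log: "<timestamp> <client> <host> <path>"
SAMPLE_LOG = """\
2013-03-19T11:02:10Z 10.0.0.15 www.msn.com /
2013-03-19T11:02:44Z 10.0.0.15 baixarmsndownload.com.br /
2013-03-19T11:03:01Z 10.0.0.22 download.microsoft.com /msn/setup.exe
2013-03-19T11:05:37Z 10.0.0.31 www.msnmessengerlive.com.br /setup.exe
2013-03-19T11:06:12Z 10.0.0.31 forums.example.net /download
"""

def is_allowed(host):
    """True if host is an allow-listed domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def lure_hits(host):
    """Return the lure words found in a non-allow-listed host that also
    contains the brand string; an empty list means 'not suspicious'."""
    host = host.lower().rstrip(".")
    if is_allowed(host):
        return []
    # Match per label so a brand string cannot appear by accident across
    # a dot (e.g. "forums.net"); hyphens are dropped inside each label.
    labels = [label.replace("-", "") for label in host.split(".")]
    if not any(b in label for b in BRAND for label in labels):
        return []
    return [w for w in LURES if any(w in label for label in labels)]

def flag_requests(lines):
    """Return (client, host, lure words) for every suspicious request."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated log lines
        _ts, client, host, _path = parts[:4]
        hits = lure_hits(host)
        if hits:
            flagged.append((client, host.lower(), hits))
    return flagged

if __name__ == "__main__":
    for client, host, hits in flag_requests(SAMPLE_LOG.splitlines()):
        print(f"{client} requested {host} (lure words: {', '.join(hits)})")
```

Substring matching of this kind is a triage aid: hits should be reviewed by an analyst, and the word lists need to follow whatever bait the current campaign uses.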


5 comments


mark117

2013 Mar 21, 14:07
0
 

MSN Messenger

Hi Fabio Assolini

Interesting and Good Read...

I personally have only used MSN Messenger on the odd occasion.
What I am worried about is whether you have to have the upgrade.
I have read a couple of conflicting things online about this exact matter. I have downloaded the Skype application for Windows desktop.
If I installed this, would I still have, say,
Windows Live Mail,
or would the upgrade force the removal of Windows Live Mail as well as MSN Messenger?
I don't really mind/care whether it takes the MSN Messenger or not, I would just like a straight answer as to whether I would lose my Windows Live Mail app, which I do rely on a lot for e-mails and the like every day.
Thank You
mark117


Galoget Latorre

2013 Mar 31, 08:49
0
 

Malware - MD5

Hi Fabio,

Good to hear from you again, we were at Cybersecurity for the NextGen in Quito, Ecuador. Good article, could you please publish the MD5 hash of the malicious file please?

And what other effects does this malware do in an infected system?


Fabio Assolini

2013 Apr 05, 21:27
2
 

Re: Malware - MD5

Hello Galoget, in fact there are several files involved in these malicious attacks; below is the MD5 of one of them:
F03D9AC4F14C8FBFED5CFCDD2BB4914F

The malware is a common Brazilian trojan banker.


Galoget Latorre

2013 Apr 08, 12:43
0
 

Re: Re: Malware - MD5

Ok, thank you very much, it was useful! =)


base32

2013 Apr 06, 11:31
0
 

Possibility of Malware attacks in Skype's Mobile Version?

A couple of years ago, Skype launched their "Lite" version app for J2ME. But later, they closed this service and now the same app shows "cannot be connected to the server" while trying to connect. But when we are searching for a Skype App for Java, there are many results. I do not know more of the technical aspects, but is there any malware that can infect a JAR file and store user data inputs (login ID and password)? Please do reply.
