Microsoft recently announced the shutdown of its popular IM client MSN Messenger, which will be replaced by Skype, but its end represents the beginning of malicious attacks posing as the installer of the software. Cybercriminals already started to use this fact in their attacks, registering malicious domains, buying sponsored links on search engines, tricking users to download and install a malware masquerade as the MSN installer.
MSN Messenger is still very popular in several countries; Microsoft informed that the service has more than 100 million users worldwide, approximately 30.5 million of them in Brazil. As an escalated migration of all users is planned, it's getting harder to find the installer of the program and this is the window of opportunity exploited by Brazilian cybercriminals aiming to infect users looking for the software.
In a simple search on Google for "MSN messenger" the first result displayed is sponsored link of a malicious domain aiming to distribute the fake installer, which is actually a Trojan banker:
The domain was registered with fake data:
If you visit the site, this is the content displayed:
And here the download of the fake MSN installer:
Other malicious domains created with the same purpose, some of them already deactivated, are as follows:
baixarmsndownload.com.br downloadmsnbaixar.com.br msnmessengerlive.com.br
We believe this is the first of several expected attacks that use the end of MSN Messenger as bait.
As we approach April 8, the day chosen by Microsoft to permanently shutdown the service (April 30th in Brazil), we advise all users to avoid looking for the MSN installer and migrate their account(s) to Skype. And the sooner the better to avoid becoming victims of attacks like this.
2013 Mar 21, 14:07
Hi Fabio Assolini
2013 Mar 31, 08:49
Malware - MD5
Re: Malware - MD5
Hello Galoget, in fact there are several files involved in this malicious attacks, below the MD5 of one of them:
The malware is a common Brazilian trojan banker.
Re: Re: Malware - MD5
Ok, thank you very much, it was useful! =)
2013 Apr 06, 11:31
Possibility of Malware attacks in Skype's Mobile Version ?
Couple of years ago, skype launched their "Lite" version app for J2ME. But later, they closed this service and now the same app shows "cannot be connected to the server" while trying to connect. But when we are searching for a Skype App for Java, there are many results. I do not know more of the technical aspects, but is there any malware that can infect a JAR file and store user data inputs (Login id and password) ? Please do reply