We have received a number of cases today regarding the verification of the following New Zealand Web sites:
- hxxp://www.msncheckstatus.tk
- hxxp://www.real-msn.tk
- hxxp://www.instant-messenger.tk
- hxxp://www.msndelete-contacts.tk
- hxxp://www.get-contacts-messenger.tk
Once visited, these sites direct users to hxxp://www.get-messenger.com, a site for Get Messenger. It is a tool capable of logging into MSN Messenger® servers as a regular instant messaging (IM) client. It authenticates users using the user account and password, retrieves his or her contact list, analyses it and shows which contacts removed the user from the contact list.
The following is stated in the site’s FAQ page:
Is Messenger-Tips a Worm?
Definition: A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.
Messenger-Tips does not send copies of itself, it does not work without user intervention and it does not harm the network or any computer. Messenger-Tips is not a worm.
However, the authentication method in delivering the account credentials, such as the user�s name and password, is not secure. Using Follow TCP Stream, an ethereal packet capture tool, we�re able to capture an instance when a user name and password are being sent to the program server. Below is the image capture:
This type of insecurity can easily expose a user�s account information to online identity thieves.
Credits to Trend Threat Analyst Lordian Mosuela!
