Security experts in Germany are warning of a new threat to MSN Messenger and Windows Live Messenger.G Data SecurityLabs research has found a recent surge in spam and phishing sites that link to the services, as well as a wave of seemingly 'endless' fake friend requests. Adding to these woes is a rogue application that promises to tell users who is blocking them, but in fact is a lure to a scam.Any links included in messages will take users to a Russian software site which offers products at unrealistically low prices, the firm warned, with the goal of the scammers to obtain personal information and credit card details from their victims.Other IM-borne threats include a sort of lookup service that lets IM users see who is blocking them as a contact.Here, users are asked to provide their user name and password in return for the information, but in fact all they are doing is handing over their details on request.G Data has tested the phishing requests and set up a honey pot account, using the name Michael, to see what impact responding had."We created an account to try out these services ['Michael']. The results were as to be expected: disappointing," explained Eddy Willems, security evangelist at G Data SecurityLabs."The 'who-blocked-you' service was not able to identify that, from the two contacts on our list, one actually blocked Michael and one did not. The names were both listed."These failings aside, the firm will still have to wait and see what impact handing over Michael's log-ins has. However, Willems said that whatever happens to Michael will be insignificant when compared with what could happen to a real IM user."What will happen with the Michael account, now that the login details are in the hands of these scammers, remains to be revealed. Possibly Michael, with his mere two contacts, is not an interesting enough target for these cyber criminals to put any effort into," he said."Most IM accounts hold many contacts, that include email addresses and sometimes even more information about your friends. It's not a good idea to share that information with cyber criminals."
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.