Beware: New MSN Messenger Password Stealing Program In The Wild


A new hacking program is in circulation that lets hackers create executable files easily and with no fuss. When the victim is tricked into running the infection file, a connection is made to the attacker's PC and they can steal any MSN login details stored on the PC. Here's what the attacker sees in his newly created directory after installing the infection creation tool:

msnhxr1.jpg

Note the selection of text files that accompany the program. We've seen a growing trend for hackers to leave copyright warnings on their programs, and messages of a similar nature elsewhere. Well, the all-out branding assault continues here:

msnhxr2.jpg

...Belgium Power? Once they're done impressing you with the technical specs of the program's creation, they continue to hit you around the head with more information:

msnhxr3.jpg

Once you fire up the Client, you can't help but be impressed by the clean, logical layout (very reminiscent of a spreadsheet, actually):

http://blog.spywareguide.com/upload/2008/05/msnhxr4-thumb.jpg

Even better, the desire for being properly credited for their work runs wild here:

http://blog.spywareguide.com/upload/2008/05/msnhxr7-thumb.jpg

According to that screenshot, they consider their Crew name to be a Trademark, and the program itself seems to be Copyrighted (All Rights Reserved). Creating the infection file is as simple as hitting the "Build It" button - when you see this, you're ready to start pushing your infection file to the masses.

Once the attacker has sent the infection file to the victim and convinced them to execute it on their PC, the attacker will be notified like so:

msnhxr12.jpg

At that point, the attacker simply opens up the "spreadsheet" page and sees this:

msnhxr10.jpg

The message says "Ready for action" - so very, very true. At this point, the attacker simply opens the "Passwords" tab, hits the "Get MSN Passwords" button and is presented with all the login details stored on the PC:

msnhxr11.jpg

We detect this as PassHax.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Additional Research: Chris Mannon, FSL Senior Threat Researcher


About this Entry

This page contains a single entry by Christopher Boyd published on May 2, 2008 5:28 PM.
