SpywareGuide powered by FaceTime Security Labs

Beware: New MSN Messenger Password Stealing Program In The Wild

A new hacking program is in circulation that lets hackers create executable files easily and with no fuss. When the victim is tricked into running the infection file, a connection is made to the attacker's PC and they can steal any MSN login details stored on the PC. Here's what the attacker sees in his newly created directory after installing the infection creation tool:

msnhxr1.jpg

Note the selection of text files that accompany the program. We've seen a growing trend for hackers to leave copyright warnings on their programs, and messages of a similar nature elsewhere. Well, the all-out branding assault continues here:

msnhxr2.jpg

....Belgium Power? Once they're done impressing you with the technical specs of the program's creation, they continue to hit you around the head with more information:

msnhxr3.jpg

Once you fire up the Client, you can't help but be impressed by the clean, logical layout (very reminiscent of a spreadsheet, actually):

http://blog.spywareguide.com/upload/2008/05/msnhxr4-thumb.jpg

Even better, the desire for being properly credited for their work runs wild here:

http://blog.spywareguide.com/upload/2008/05/msnhxr7-thumb.jpg

According to that screenshot, they consider their Crew name to be a Trademark, and the program itself seems to be Copyrighted (All Rights Reserved). Creating the infection file is as simple as hitting the "Build It" button - when you see this, you're ready to start pushing your infection file to the masses.

Once the attacker has sent the infection file to the victim and convinced them to execute it on their PC, the attacker will be notified like so:

msnhxr12.jpg

At that point, the attacker simply opens up the "spreadsheet" page and sees this:

msnhxr10.jpg

The message says "Ready for action" - so very, very true. At this point, the attacker simply opens the "Passwords" tab, hits the "Get MSN Passwords" button and is presented with all the login details stored on the PC:

msnhxr11.jpg

We detect this as PassHax.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Additional Research: Chris Mannon, FSL Senior Threat Researcher


© Copyright 2006, FaceTime Communications, Inc. All rights reserved.