iMess - Sharing IM Logins With The World

| | Comments (0)
Yesterday we came across something we haven't seen before - a fake Instant Messaging program used to share stolen data to the masses via the wonders of FTP. Let's begin by introducing iMess:

imess1.jpg

As you can see, there's two parts to this - the iMess application that steals your MSN login, and "HQ" - the file that lets you grab said stolen data.

This is what the iMess program loading screen looks like when fired up, rather humorously using what appear to be ripped versions of Smilies from the ASK range of products, along with a list of "features" such as "Anti Block System" and "Hundreds of skins":

imess3.jpg
Click to Enlarge

It's all very slick, and designed to set the end-user at rest. No scam looks that professional, surely?

Well, actually...

imess4.jpg

....whoops, it does. Note that it's called iMess2 - no idea what happened to the first one, but perhaps that's another confidence trick. At any rate, if you enter your login details, you'll see that staple of rogue applications - the fake error message:

imess10.jpg

While this is taking place, it's probably a good time to crack open the code and see what's taking place:

imess2.jpg

Did your MSN login details just get sent to an FTP server in the Netherlands? I think they did.

Want to see where they end up? Sure you do! Time to fire up the "HQ" program - which is used as nothing less than a sort of communal sharing zone for stolen logins. Put simply, if you run HQ, you can see ALL of the stolen logins obtained around the World and sent to the FTP server.

"HQ" stands (rather appropriately enough) for "Headquarters". First you'll see the below - a splash page of sorts, telling you the last time the stolen data was "cleaned" (ie tidied up), with two buttons - "Contact" and "Accounts".

imess5.jpg
Click to Enlarge

It's the accounts we're interested in...

imess8.jpg

As you can see above, there are a number of buttons across the top. Simply hit "Connect" to connect to the FTP server, then hit "Get list" and all of the accounts stolen via this program are displayed in the bottom panel. If you want the password for any of the accounts, left click one then press "Show" and...

imess9.jpg

The login details are yours for the taking. From there, you can use the stolen logins to send spam or infection links via those accounts, dip into EMails that use the same logins (harvesting any additional data / logins stored inside) ....the choice is yours.

It's a common theme of phishing scams (for example) that a ringleader effectively orders the troops to go out and phish under the illusion they get something at the end of it, when in reality the person at the top of the chain keeps all the data.

Here, we have a bizarre example of using rather slick faked IM technology, sharing stolen data with the masses "for the greater good" (in the loosest sense of the phrase of course - there's nothing particularly "good" about this).

Hang onto your MSN Login details and avoid this program.

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on March 31, 2009 8:57 PM.

The SOL Botnet(s) was the previous entry in this blog.

Zango Installers Pushed Via Twitter is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.