Block Checker Download - Avoid!

| | Comments (1)
"Block Checkers" are those wonderful scam sites that claim to be able to show you who has you down as "blocked" on your favourite IM application. They've been around for a while, but always take the form of a website that you enter your details on. Once you've entered your login, you can expect to see your IM account sending lots of spam for viagra (along with adverts for the block checker site you used) to all of your contacts.

It's a rather spectacular way to lose all your friends on Instant Messaging (and quickly answers the question of "Who is blocking you". Answer: everybody).

Well, some wily individual has taken inspiration from the static webpages and come up with a Block Checker in the form of an executable file. However, this one has somewhat more sinister intentions than spamming links to a useless block check website with the occasional advert for a genuine rolex watch.

Shall we take a look?


"MSN Block Checker", from Microsoft Corp. A quick check - aha - will reveal a different story:


"MsnFake"? Oh dear. Here's what the program looks like when fired up:


Do you want to see the obligatory fake error message that appears when you enter your Windows LIVE ID and hit "Sign in"? Of course you do.


Faintly humorous that they left "MsnFake" in the popup box. Examining the code of the program rather gives the game away:


Yes, your LIVE ID login will be mailed back to base. Given that your Windows LIVE ID could be associated with your IM account, your EMail, XBox Live and a bunch of other stuff this could be a Very Bad Thing(TM).

One bright spot here is that the program is being distributed in pieces - that is, as a collection of files and images that need to be compiled once you've entered the EMail address you want the stolen logins sent to. Here's what the typical wannabe user will see immediately after downloading it:

Click to Enlarge

Hopefully this will result in lots of people creating absolutely unusable infection files, but it pays to be on your guard. NEVER, EVER run a "Block Checker" program because generally speaking a scam based on a scam is not a good thing to get tangled up in.

We detect this file as Mob.Blockcheck.


Thank you for sharing this one. I've encountered this problem about a week ago and I didn't know what I need to do.

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on November 18, 2009 8:54 AM.

The Facebook (Dis)Honesty Box was the previous entry in this blog.

The Infection File Popularity Contest is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.