Instant Messaging: April 2009 Archives


Yesterday, I wrote about an IM password stealer available to download from sites such as ZDNET / Well, it now appears to have been flushed from all related websites.

Thanks to the Download team for their quick response - they've shown a commitment to removing rogue elements from their download sections in the past, and incidents such as this seem to be few and far between.
Generally, download sites do a good job of keeping potentially undesirable programs off their network. You might see the oddly titled "family keylogger" program and wonder about the ethics of such a utility, but leaving those rather dubious grey areas aside, mostly things take care of themselves.

However, while browsing the site today, I happened to find something rather peculiar in their "Network Monitoring Tools". Namely, this:

Click to Enlarge

As soon as I saw the creator description of the program, I knew something wasn't quite right:

"Apheve is a great piece of software that has the ability to disguise itself as multiple IM programs including MSN, Skype, and BT Yahoo.This is perfect if a visitor is coming round who wants to access their IM account."

Wait, it "disguises" itself as multiple IM programs? And its name sounds like a bizarre slang version of the word "thieve" (A Pheve)?

Oh dear.

As you might expect, the program is available to download on numerous sites, including CNet Asia and ZDNet UK. Up for grabs since May 2008, the number of downloads is somewhat alarming:


9186 CNET Asia


Not including other sites related to the above URLs, that means there's a grand total of at least 27,855 people (possibly) running round trying to steal your IM logins. (Check out the comments for more thoughts on what all those people may....or may using the program for).

Did I say steal? Yes, I did. Presenting.... "Apheve":


Quite simply, you select the IM client of your choice - MSN Messenger, Yahoo IM or Skype - and hit the "Start!" button. Then you retreat to a safe distance and let your victim use the PC. As we've seen before, these kinds of programs work great for scammers in net cafes, libraries and schools / universities.

The victim will see one of these:

Click to Enlarge

Click to Enlarge

Of course, both of those IM boxes are entirely fake. Should you enter your login details, you'll be shown an error message and wander away from the computer feeling vaguely annoyed. Meanwhile, the attacker jumps onto the same computer and clicks on the apparently harmless looking fake icon in the Taskbar - in this case, a picture of a DVD / CD:


....and is presented with your login information, courtesy of a nifty popup box:

Click to Enlarge

Is it just me, or does that go a little beyond the scope of "Monitoring Software"?

The program has absolutely no reason to exist other than harvesting login credentials.

Even the choice of targets seems designed to cause as much trouble as possible - Skype accounts will probably have unused call credit stored against them, Windows Live accounts may well be linked to EMail as well as IM, potentially giving access to yet more personal information, logins etc.

Any claim by the creator that this is intended for "network security" is fairly blown out of the water when we check out his Youtube channel, only to find...

Click to Enlarge

...he's promoting it with the title "How to hack Msn, Skype or Yahoo with Apheve 1.1", with "Apheve pro - The ultimate hacking tool" in the description.

The only good thing here is that due to the program being around for a while, the fake versions of Skype, Windows Live Messenger etc look rather outdated and not very much like the real, current versions. The DVD / CD icon in the corner could also be a giveaway, though of course you can change that if you really want to.

We've EMailed the Downloads team, and will post again when we hear back from them.

Given the rather single-minded purpose of this application, I'm a little surprised it managed to squeeze through the cracks. The above download sites may well be "Tested Spyware Free", but they're currently not "Tested Horrible IM Stealing Piece of Junk Free".

Hopefully that might change shortly...

Stop: Spammer Time

| | Comments (0)
Awful title gag aside, it seems someone is having a little fun in MSN Messenger land.

They've gone out and phished a number of accounts, then added all the people on their contact lists into one single file available to download.


Why? So you can add all 976 of them to your contact list then start spamming / harassing them.


Of course, the "MSN harassment list" has one fatal flaw - you don't HAVE to accept that random friend request that just popped up on your desktop.

So don't :)
It's yet another "login here to send all your contacts endless amounts of spam" website. This one is called

...and looks like all the other ones.

Click to Enlarge

Created on the 3rd of April 2009, there's also a curious addition to their (always changing) Terms & Conditions:

"You also understand that by temporarily accessing your msn account, CSS Management Inc. is NOT agreeing to MSN's terms of use and therefore not bound by them."


About this Archive

This page is a archive of entries in the Instant Messaging category from April 2009.

Instant Messaging: March 2009 is the previous archive.

Find recent content on the main index or look in the archives to find all content.