Instant Messaging: November 2009 Archives

"Block Checkers" are those wonderful scam sites that claim to be able to show you who has you down as "blocked" on your favourite IM application. They've been around for a while, but always take the form of a website that you enter your details on. Once you've entered your login, you can expect to see your IM account sending lots of spam for viagra (along with adverts for the block checker site you used) to all of your contacts.

It's a rather spectacular way to lose all your friends on Instant Messaging (and quickly answers the question of "Who is blocking you". Answer: everybody).

Well, some wily individual has taken inspiration from the static webpages and come up with a Block Checker in the form of an executable file. However, this one has somewhat more sinister intentions than spamming links to a useless block check website with the occasional advert for a genuine rolex watch.

Shall we take a look?

mobbkck1.jpg

"MSN Block Checker", from Microsoft Corp. A quick check - aha - will reveal a different story:

mobbkck2.jpg

"MsnFake"? Oh dear. Here's what the program looks like when fired up:

mobbkck3.png

Do you want to see the obligatory fake error message that appears when you enter your Windows LIVE ID and hit "Sign in"? Of course you do.

mobbkck4.png

Faintly humorous that they left "MsnFake" in the popup box. Examining the code of the program rather gives the game away:

mobbkck5.png

Yes, your LIVE ID login will be mailed back to base. Given that your Windows LIVE ID could be associated with your IM account, your EMail, XBox Live and a bunch of other stuff this could be a Very Bad Thing(TM).

One bright spot here is that the program is being distributed in pieces - that is, as a collection of files and images that need to be compiled once you've entered the EMail address you want the stolen logins sent to. Here's what the typical wannabe user will see immediately after downloading it:

mobbkck6.png
Click to Enlarge

Hopefully this will result in lots of people creating absolutely unusable infection files, but it pays to be on your guard. NEVER, EVER run a "Block Checker" program because generally speaking a scam based on a scam is not a good thing to get tangled up in.

We detect this file as Mob.Blockcheck.

Pages

About this Archive

This page is a archive of entries in the Instant Messaging category from November 2009.

Instant Messaging: April 2009 is the previous archive.

Instant Messaging: December 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.