Thank you to Jonathan Kay for giving his permission to repost his full blog entry from MessengerGeek on Live Spaces here for our BigBlueBall members. This is valuable information of which every WLM user should be aware. This is a wonderful explanation of what to watch out for, and what to do if you think you've been compromised.
As the most used instant messaging service in the world, it’s become more and more common to find your contacts sending out virus, spam and worm links through Messenger. There are many different types, each with different steps for removal, but the one most recently affecting people is a “phishing worm”.
The worm
More than likely you’ve seen the following from one of your contacts recently:
There's no need to analyze the link, as it seems to randomly change and most likely new sites are added regularly. Although Messenger has allowed messages to be sent while appearing offline for quite some time, it’s important to note that these messages are sent out as offline messages (although no doubt this won’t always be a fact). As I know “Ruth” rather well, knew she wasn’t at her computer, and know this message isn’t something characteristic of her, I immediately knew this wasn’t legitimate.
Your best bet is to stop here and not click the link without first asking your contact to confirm what it is. However, if you do proceed, you may find yourself at a web site like the following:
Although this isn’t a good fake, it does appear somewhat similar to the Messenger user interface and, judging from the number of these links sent to me over the past few weeks, it has in fact tricked quite a few people. Once you provide your Windows Live ID username and password, it saves this information on the scammer’s server and redirects you to another web page full of advertisements and pointless images.
The scammers now have your credentials and can start their dirty deeds — logging into Messenger as you, looking through your e-mail, accessing your Microsoft billing information (if you have any) and spamming others with similar links. You wouldn’t trust a stranger coming up to you asking for your credit card information, so why would you trust a random website with your Messenger credentials?
The worst part of this whole process is that the typical support response is to run a virus scanner. This of course will find nothing (although a good percentage of Messenger worms and viruses aren’t detected by scanners anyway), as the scammers are logging in from another computer using the provided username and password. While this fruitless effort to find a non-existent virus on your computer is in progress, someone could be using or selling your information. Your information might be used within hours, days, or even years, long after you’ve forgotten this happened.
It is absolutely essential to change your password after your account has been compromised in this fashion, both on Windows Live ID (which includes Messenger) and on other sites where you log in using the same e-mail address (Facebook, for example).
Verifying you are at a true Microsoft site and changing your password
Most major web sites on the web today utilize an Extended Validation (EV) certificate. In most browsers this will appear with a green bar at the top. Among other security measures and encryption, this indicates that the site has gone through an audit to verify the identity of the site. To show this in action, let’s head over to https://account.live.com/ChangePassword.aspx to change the Windows Live ID password.
Even if the site appears to look like a Live ID sign in page, look for the green address bar, lock icon and company name to verify it truly is. Additionally, depending on your Windows version, browser and the Live ID site you’re signing into, you might need to click the ‘Sign in using enhanced security’ link on the page to see these indicators.
Finally you’ll arrive at the password changing page and can change your password. One minor feature that’s been added recently is an option to prompt you to change your password every 72 days. I’m not quite sure how this will work with regards to Messenger yet, but time will tell.
As mentioned previously, you should now use similar password changing facilities in other sites which utilize the same e-mail address and password to log in.
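The address-bar check described in this section can also be applied to a link before it is opened. The following is an added example, not part of the original post: it parses a URL and accepts it only if it uses HTTPS and its host is exactly, or a subdomain of, a trusted domain. The trusted list (`live.com`, taken from the password-change link above), the function name and the sample URLs in the test are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only trusted domain is the one the
# article links to (account.live.com sits under live.com).
TRUSTED_DOMAINS = ("live.com",)


def check_sign_in_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a URL that asks for credentials."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, so text placed
        # before an "@" cannot pass itself off as the host.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render as lookalike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host (possible lookalike)"
    for domain in trusted:
        # Match on a label boundary: "account.live.com" passes, while
        # "account-live.com" and "live.com.example" do not.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host " + host + " is not a trusted domain"
```

A passing result only means the link points at the expected domain; the certificate indicators described above are still what confirm the site's identity once the page loads.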
Easy steps to remember
To conclude, here are some easy steps to remember to avoid this happening to you:
- Before accepting an invitation or clicking on a link, verify that it appears to be legitimate. If in doubt, ask your contact.
- If a site is prompting for your username and password, verify your information will be going to a legitimate source that you trust.
- Don’t trust antivirus software to save you. Use discretion and avoid installing or running any applications from web sites you don’t trust, even if they came from a contact you do.
Philip Yeoh says
Excellent article here. Moral of the story is, don’t click on those strange links sent by your contacts-EVER!!
Jeff Hester says
Sound advice. Generally it’s good for any instant messaging program to exercise caution before clicking any links sent to you, especially unprompted. I usually test by replying “what is this?” before I click. This alerts the “sender.” I’ve seen cases where they had no idea what I was talking about, or that they were infected, for that matter. Usually asking is all the test you need.
detn8r says
I was victim to one of these last week but it happened on Yahoo Messenger (which I believe was tied in with a WLM contact). I’m not sure myself how it happened, but it doesn’t seem to take much that’s for sure.
Mark Andrews says
Good advice! I’m always amused when one of my friends falls victim to one of these schemes, and then their infected account starts hitting me up.
Emilia Palmer says
I am only using free virus scanners like avast and avira but they seem to be great tools though.