Publications

The end of MSN Messenger, the beginning of attacks

Microsoft recently announced the shutdown of its popular IM client MSN Messenger, which will be replaced by Skype, but its end represents the beginning of malicious attacks posing as the installer of the software. Cybercriminals already started to use this fact in their attacks, registering malicious domains, buying sponsored links on search engines, tricking users to download and install a malware masquerade as the MSN installer.

MSN Messenger is still very popular in several countries; Microsoft informed that the service has more than 100 million users worldwide, approximately 30.5 million of them in Brazil. As an escalated migration of all users is planned, it’s getting harder to find the installer of the program and this is the window of opportunity exploited by Brazilian cybercriminals aiming to infect users looking for the software.

In a simple search on Google for “MSN messenger” the first result displayed is sponsored link of a malicious domain aiming to distribute the fake installer, which is actually a Trojan banker:

208194179

The domain was registered with fake data:

208194180

If you visit the site, this is the content displayed:

208194181

And here the download of the fake MSN installer:

208194182

Other malicious domains created with the same purpose, some of them already deactivated, are as follows:

We believe this is the first of several expected attacks that use the end of MSN Messenger as bait.

As we approach April 8, the day chosen by Microsoft to permanently shutdown the service (April 30th in Brazil), we advise all users to avoid looking for the MSN installer and migrate their account(s) to Skype. And the sooner the better to avoid becoming victims of attacks like this.

The end of MSN Messenger, the beginning of attacks

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox