Network Admins: imagedino.info MSN Phishing

07 July 2008

imagedino.info MSN Phishing

I recently received a message from a contact in MSN that had a link in it to the domain imagedino.info. It looked suspect, but I thought I might as well see what is going on.
When I followed the link it took me to a rather suspicious login screen that asked me to logon using my MSN Account.
I would suggest that no one do this as this is more than likely a phishing website that will use your account details for no good.
The link was http://.imagedino.info/
Please block this on your proxy server is you have a proxy.
DO NOT ENTER YOUR MSN USERNAME AND PASSWORD IN THIS FORM.
If you have entered your username and password into this form:

please change your MSN password as soon as possible.
I am not sure if the page downloads anything malicious onto your computer. I would suggest updating your anti-virus and running a full system scan.
You can get AVG Anti-virus for free from here.
Also try using something like spybot search and destroy

Screenshot of the website.

10 comments:

Anonymous said...: How to stop it ???; 7 July 2008 at 15:32
BigG said...: I would suggest that if you entered your MSN username and passowrd into the website that you go and change your username as soon as possible! I am working with my friend who did it to see if there is any further infection on his machine or if it is purely using his msn username and possword to send out more messages.; 7 July 2008 at 15:55
Anonymous said...: Do you know if there's an official name for this trojan/virus? And which AV products (if any) pick it up?; 7 July 2008 at 16:05
BigG said...: Hey Greg,

Not as far as I know. My friend ran AVG which did not pick it up. He is trying spybot search and destroy now. I think this is a little new to have an AV pattern. I will post as soon as I have found out more.; 7 July 2008 at 16:09
Anonymous said...: there is something about the 'msn phishing' at the link: http://www.avertlabs.com/research/blog/index.php/2008/06/10/now-be-a-good-victim-and-enter-your-login-credentials-in-the-form/
but blogger did not say how to remove it either; 7 July 2008 at 16:38
Anonymous said...: There's a writeup of it done by McAfee here: http://www.avertlabs.com/research/blog/index.php/2008/06/10/now-be-a-good-victim-and-enter-your-login-credentials-in-the-form/

Looks like it's not actually a virus. It's pure phishing - captures your username and password, then THEY log in using your credentials and SPAM/SPIM the info. There's no client-end software.

So, the way to remove is to change your password, I would think.; 7 July 2008 at 16:39
Anonymous said...: i changed my password right now when one contacter ask me what's it.
however, my messenger send the message again after i logon by the new password; 7 July 2008 at 16:48
Anonymous said...: i hate the man/women who write the code; 7 July 2008 at 16:51
Anonymous said...: who was the contact you recived it from?; 7 July 2008 at 20:21
Anonymous said...: it's a user of my company's support systems.; 8 July 2008 at 07:23