08 July 2008

imagedino.info MSN Phishing

I recently received a message from a contact in MSN that had a link in it to the domain imagedino.info. It looked suspect, but I thought I might as well see what is going on.
When I followed the link it took me to a rather suspicious login screen that asked me to log on using my MSN Account.
I would suggest that no one do this as this is more than likely a phishing website that will use your account details for no good.
The link was http://.imagedino.info/
Please block this on your proxy server if you have a proxy.
DO NOT ENTER YOUR MSN USERNAME AND PASSWORD IN THIS FORM.
If you have entered your username and password into this form:
  • please change your MSN password as soon as possible.
  • I am not sure if the page downloads anything malicious onto your computer. I would suggest updating your anti-virus and running a full system scan.
    You can get AVG Anti-virus for free from here.
  • Also try using something like Spybot Search and Destroy.

Screenshot of the website.
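
To find out who on a network followed the link and may need the password change described above, the proxy's access log can be searched for the domain. The script below is an added example, not part of the original post: it assumes a Squid proxy writing its native access.log format, and the log lines, client addresses, subdomains and the login.php path are constructed sample data. Treating a POST to the domain as a likely form submission is a heuristic.

```python
from urllib.parse import urlsplit

BLOCKED_DOMAIN = "imagedino.info"  # the domain named in the post

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1215500000.123    210 10.0.0.15 TCP_MISS/200 5120 GET http://sub1.imagedino.info/ - DIRECT/192.0.2.10 text/html
1215500042.456    180 10.0.0.15 TCP_MISS/302 412 POST http://sub1.imagedino.info/login.php - DIRECT/192.0.2.10 text/html
1215500100.789     95 10.0.0.22 TCP_MISS/200 5120 GET http://sub2.imagedino.info/ - DIRECT/192.0.2.10 text/html
1215500150.000     80 10.0.0.30 TCP_MISS/200 900 GET http://notimagedino.info/ - DIRECT/192.0.2.20 text/html
1215500160.000     80 10.0.0.31 TCP_MISS/200 900 GET http://imagedino.info.example.com/ - DIRECT/192.0.2.30 text/html
"""


def host_matches(host, domain=BLOCKED_DOMAIN):
    """True for the domain itself or any subdomain, but not for look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage(log_text, domain=BLOCKED_DOMAIN):
    """Map each client IP to 'submitted' (sent a POST) or 'visited' (loaded pages only)."""
    result = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a complete access.log record
        client, method, url = fields[2], fields[5], fields[6]
        # CONNECT entries log "host:port" instead of a full URL.
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]
        else:
            host = urlsplit(url).hostname
        if not host_matches(host, domain):
            continue
        if method == "POST":
            result[client] = "submitted"  # likely entered credentials
        else:
            result.setdefault(client, "visited")
    return result


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Clients reported as "submitted" are the ones to prioritise for a password change; "visited" clients loaded the page but no form post was logged.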

10 comments:

Anonymous said...

How to stop it ???

BigG said...

I would suggest that if you entered your MSN username and password into the website that you go and change your username as soon as possible! I am working with my friend who did it to see if there is any further infection on his machine or if it is purely using his MSN username and password to send out more messages.

Anonymous said...

Do you know if there's an official name for this trojan/virus? And which AV products (if any) pick it up?

BigG said...

Hey Greg,

Not as far as I know. My friend ran AVG which did not pick it up. He is trying spybot search and destroy now. I think this is a little new to have an AV pattern. I will post as soon as I have found out more.

Anonymous said...

There is something about the 'msn phishing' at the link: http://www.avertlabs.com/research/blog/index.php/2008/06/10/now-be-a-good-victim-and-enter-your-login-credentials-in-the-form/
but the blogger did not say how to remove it either.

Anonymous said...

There's a writeup of it done by McAfee here: http://www.avertlabs.com/research/blog/index.php/2008/06/10/now-be-a-good-victim-and-enter-your-login-credentials-in-the-form/

Looks like it's not actually a virus. It's pure phishing - captures your username and password, then THEY log in using your credentials and SPAM/SPIM the info. There's no client-end software.

So, the way to remove is to change your password, I would think.

Anonymous said...

I changed my password right now when one contact asked me what it was.
However, my Messenger sent the message again after I logged on with the new password.

Anonymous said...

I hate the man/woman who wrote the code.

Anonymous said...

Who was the contact you received it from?

Anonymous said...

It's a user of my company's support systems.