Results 1 to 5 of 5

Thread: ICQ/MSN Messenger Fraud

  1. #1
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002

    ICQ/MSN Messenger Fraud

    Haven't seen any mention of it here, so I thought I would post to make sure people are aware of it.

    Taken from here

    We received notice about fraudulent messages sent via ICQ and MSN Messanger,
    urging users to visit various websites to download Windows patches. While these
    websites resemble 'official' Microsoft sites, the patch is in fact a trojan
    horse. If installed, the trojan horse will connect to an IRC server and
    participate in a "botnet" which could be used to portscan or to launch DDOS
    We do recommend blocking access to the following IPs and sites used in this

    upon joining the IRC channel, the 'bots' are currently instructed to 27374 and
    1243. The installed binary is 'scan.exe'. While scan.exe is not currently
    detected as a virus, it will uncompress itself and extract several components
    which are detected by virus scanners.

    Just a reminder: there are likely variations of this basic scheme. Please do
    NOT take these instructions too specific. More generic, outbound IRC traffic,
    and outbound scans of port 27374 and 1243 are always suspicious.
    Keep it in mind for those of you who have a large number of less-savvy, but well intentioned users.

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    oh man, lamers never change. I remember back 3 years ago when i first got a computer there were all kinds of trojans and **** for ICQ, its sad. i mean its cool people found a way to get a trojan out of ICQ but i mean damn, lol this doesnt seem anything more than a social engineer attempt from somenoe who doesnt actually have the skills you need to be good at it.

  3. #3
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Hmm, the mentioned ports are the defualt ports for sub7....... Sub 7 is known to communicate with irc bots, telling the owner when an infected victim goes online. In addition to the irc, notifications can be made via messenger, email, and some versions of ICQ. My advice is to NOT download anything, if the links are provided in a chatroom, a form of messenger, or from an email where you are not 100% sure of the sender's soure or identidy. Sub7 is only one of the trojans that can notify/act this way. There are many other trojans, that act very similar. For now till more information is provided about this thread, i recomend getting the cleaner from www.moosoft.com, aswell as updating your antivirus scanners.

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Keep it in mind for those of you who have a large number of less-savvy, but well intentioned users.
    All the more reason to prohibit the use of IM, java chat and IRC services in the workplace...

    Muhahaa Muhahaa Muhahaa

    I guess the home users would be more vulnerable to this type of social engineering.

    Ah well... I'll send out an e-mail to everyone anyway.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    May 2003
    Sub7 and BackOrifice, and other similar trojans really piss me off... it's the easy way in, and, as phish said, makes it easy for the social engineer to get what he/she wants.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts