Wednesday, February 20, 2008

Uncovering a MSN Social Engineering Scam

This MSN scam trying to socially engineer end users into handling their accounting data by offering them the opportunity to supposidely see who's blocked them at MSN, has been circulating online for a while in the form of new domains that get actively spammed across different forums. The scam itself is just the tip of the iceberg, however it's a good example of a basic social engineering technique, the one with the basic promise. The scam's pitch :

"Quickly and easily learn who blocked you on MSN. The longly awaited feature for MSN Messenger, completely for free! Please input your MSN Messenger account information to learn who has blocked you. Our system will login with this information and learn who has blocked you."

Domains and DNS entries are still active, content's currently hidden :

msnliststatus.com - 222.73.220.237
msnblockerlist.com - 64.202.189.170
msnblocklist.org - 72.55.142.113
blockdelete.com - 89.149.242.248

Why would malicious parties care for collecting accounting data for IM users? If we're to put basic scenario building intelligence logic in this particular case, having access to couple of hundreds IM accounts acts as the perfect foundation for a IM malware spreading campaign, where access to the stolen data is actually the distribution vector. What would malicious parties do if they want to vertically integrate and earn higher return on investment in this case? They would segment the screenames by countries, cities and other OSINT data available, and earn higher-profit margins with the segmentation service offered to SPIMmmers.

Related posts:
MSN Spamming Bot
DIY Fake MSN Client Stealing Passwords
Thousands of IM Screen Names in the Wild
Yahoo Messenger Controlled Malware

No comments:

Post a Comment