Solved

MSN messenger - messages from unknown contacts

Posted on 2006-06-27
Last Modified: 2006-11-18
about a month ago, we had a virus spread through MSN messenger.  a user would get a message from a known contact (a buddy on their list) that had a link.  when they clicked on the link, it downloaded the virus, scanned their buddy list, and spread itself to everyone on the list.  we stopped the virus before it spread very far ... and cleaned up the infected computers.  we have been fine for the past month.

this morning, many of the users got an IM from an *unknown* person (not a person on their buddy list).  many of the messages were in chinese, although i am getting reports of messages in english, too.  These messages have a link included.  so far, my users are reporting that they did not click on the link.  one person did add the contact to their buddy list, but says he did not click on the link.

I am running a virus scan.  last time this happened, symantec corporate AV did not detect the infection.  i submitted infected files to symantec and they wrote definitions for that virus which were included in a liveupdate.

since everyone here claims they did not click on the IM, i am wondering if this is just a random MSN thing ... or if i should continue to suspect that we have at least one infected computer ???
Question by:zephyr_hex (Megan)
14 Comments
 
LVL 97

Expert Comment

by:war1
ID: 16994009
Greetings, zephyr_hex !

Since you scan your computer regularly for viruses, it is probably a random MSN thing.  But it is better to be vigilant.  Run your computers with an online scan once in a while.
Check for viruses and adware

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

Best wishes!
0
 
LVL 4

Accepted Solution

by:
Shaun84 earned 500 total points
ID: 16994045
It may just be a virus trying to get spread, and someone who has one of your users in their buddy list has been infected, thus the virus tried to get onto your user.
E.g. Steve got the virus on his machine and has Dave (your user) on his buddy list; Steve's machine generated this message to Dave.

I suspect that no user has a virus but I would check a couple of them with housecall.  http://housecall.trendmicro.com/
Some viruses corrupt the AV on a machine so they don't get picked up; housecall is web based so it should pick up any viruses on your PC

hope this helps
0
 
LVL 1

Expert Comment

by:Zabulon777
ID: 16994048
Either switch to secure GAIM with proper setup and continue to actively scan your machines keeping them up to date on the definitions.   That's about all you can do.
0
 
LVL 44

Author Comment

by:zephyr_hex (Megan)
ID: 16994177
thanks for the quick responses...
a couple of questions for Zabulon777 - how is GAIM different than Trillian?  i use trillian, and it did not block the virus last month.  also, how would GAIM prevent the spread of these random IMs?

what makes me wonder if this is a virus is that i personally have not received a strange msn message this morning.  there is one other person here who has not either.  both of us happen to *not* have another employee in particular on our buddy list.  to me, that says it's possible that other employee has some form of malware on his computer....  it read his buddy list and IM'd itself to the contacts... but did not IM me or the other person because we weren't on his list.  this person says they did not click on the link in the IM, but did add the person to his contact list.  i can't see how the act of adding a contact to the buddy list could install a virus ... link-clicking is the only method of getting a messenger virus that i'm aware of...
0
 
LVL 1

Expert Comment

by:Zabulon777
ID: 16994224
Does Gaim support secure instant messaging (encrypted IMs)?
Short answer: Yes, use the SILC protocol.
Long Answer (for other protocols): Not natively. Doing secure instant messaging right is a big deal and requires, among other things, an authentication scheme. Simply encrypting your data stream without verifying the party with whom you are chatting is not secure in any way; some other clients offer options like this, but we feel that such measures instill a false sense of security that is more harmful than helpful.
There are a number of 3rd party plugin developers working on developing a secure IM framework, the better ones using the GnuPG and the OpenPGP trust model for authentication. If you are serious about secure instant messaging, read the documentation on the "web of trust" model available at www.gnupg.org and try out one of these.

check out more here: http://gaim.sourceforge.net/
If set up properly you can rest a little easier on the messaging standpoint.  It takes a bit of tweaking but I have been able to create an encrypted IM environment!

Best of luck!
0
 
LVL 44

Author Comment

by:zephyr_hex (Megan)
ID: 16994329
is this random messaging thing common in MSN?  i mean ... can it happen without someone on the network having a virus?
0
 
LVL 1

Assisted Solution

by:Zabulon777
Zabulon777 earned 500 total points
ID: 16994394
I have seen it randomly as well.. it is usually a virus written specifically for MSN.  So yes it can happen without someone having a network having a virus.
0
 
LVL 97

Assisted Solution

by:war1
war1 earned 500 total points
ID: 16994503
>> is this random messaging thing common in MSN?  i mean ... can it happen without someone on the network having a virus? >>

I have seen this type of message on MSN, AIM and YIM, the popular instant messengers.  There is always someone trying to infect your computer with a link.
0
 
LVL 10

Assisted Solution

by:ISoul
ISoul earned 500 total points
ID: 16995426
I think you can rest easy. Getting these random messages from random MSN people is not indicative that you have an infected computer within your network.

I've gotten these random messages on my home PC as well, and I can guarantee it's not infected with anything.
0
 
LVL 44

Author Comment

by:zephyr_hex (Megan)
ID: 16996985
i checked the router/firewall logs at the site where i suspect the problem started.  There are lots of packets getting dropped...  now, i haven't checked their log in the past week or two, but the last time i did check, it was not like this.

example from log:
http://img285.imageshack.us/img285/8462/log2bl.jpg

this site LAN is only subnet 192.168.1.xx  .  we don't have a 192.168.2.xx and yet that IP is showing up in the log
also, i don't recognize many of the WAN IPs in the log  ( i have marked out the WAN IPs I do recognize)

is this an indication that we have malware or a virus?  or is it just a sign of some other kind of network issue?
0
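The log review described in the comment above can be done mechanically; the following is an added example, not part of the original thread. The log line format, the sample lines and the recognised WAN address are constructed for illustration, and a real router's log layout will differ.

```python
import ipaddress
import re
from collections import Counter

# Site LAN from the post (192.168.1.xx), written as a /24.
SITE_LAN = ipaddress.ip_network("192.168.1.0/24")
# RFC 1918 ranges, listed explicitly so that documentation addresses
# used in the sample below are not treated as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed: WAN addresses the admin already recognises.
KNOWN_WAN = {"198.51.100.7"}

# Constructed sample of dropped-packet entries (hypothetical format).
SAMPLE_LOG = """\
2006-06-27 09:14:02 DROP src=192.168.1.23 dst=198.51.100.7
2006-06-27 09:14:05 DROP src=192.168.2.40 dst=192.168.1.23
2006-06-27 09:14:09 DROP src=203.0.113.9 dst=192.168.1.23
2006-06-27 09:15:11 DROP src=192.168.2.40 dst=192.168.1.31
2006-06-27 09:15:30 DROP src=203.0.113.9 dst=192.168.1.31
2006-06-27 09:16:44 DROP src=192.168.1.23 dst=198.51.100.7
"""
LINE_RE = re.compile(r"DROP src=(\S+) dst=(\S+)")

def triage(log_text, lan=SITE_LAN, known_wan=KNOWN_WAN):
    """Count drop-log endpoints in three buckets worth a closer look."""
    foreign_private = Counter()  # private addresses that are not on this LAN
    unknown_wan = Counter()      # public addresses not on the recognised list
    lan_hosts = Counter()        # LAN hosts that appear in dropped traffic
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not drop entries
        for raw in m.group(1, 2):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                continue  # malformed address field
            if addr in lan:
                lan_hosts[raw] += 1
            elif any(addr in net for net in RFC1918):
                foreign_private[raw] += 1
            elif raw not in known_wan:
                unknown_wan[raw] += 1
    return foreign_private, unknown_wan, lan_hosts

if __name__ == "__main__":
    for name, bucket in zip(("foreign private", "unknown WAN", "LAN hosts"),
                            triage(SAMPLE_LOG)):
        print(name, bucket.most_common())
```

The LAN hosts with the highest counts are the machines to examine first, and a private address outside the site subnet points to a misconfigured or unexpected device rather than to Internet traffic.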
 
LVL 44

Author Comment

by:zephyr_hex (Megan)
ID: 16997010
other notes:  i have run scans with symantec corporate AV (which is not damaged ... scans ran normally) and spybot (both with the latest defs).  moreover, i have had several of the users check their hosts file, and it is ok.  no one has reported any kind of problems on their computers, other than the weird MSN messages that occurred this morning (since then, i have had everyone sign out of MSN).
0
 
LVL 1

Expert Comment

by:Debugyeh
ID: 17014223
this is not as complicated as you're all making out

go to a command prompt

type net stop messenger

problem solved

0
 
LVL 44

Author Comment

by:zephyr_hex (Megan)
ID: 17031698
does "net stop messenger" only stop the windows messenger service?  that is already disabled, by default, with service pack 2.  it is quite different from msn messenger.
0
 
LVL 1

Expert Comment

by:Debugyeh
ID: 17033573
apologies, misread but i think ur problems bots, randomly messaging adverts
0


Question has a verified solution.
