The next version of MSN Messenger is still some months away, so if you happen to get a message or visit a Web site that promises otherwise, beware.
Finnish security firm F-Secure is reporting a new scam that is masquerading as the MSN Messenger 8 Beta, which will be called Windows Live Messenger.
Rather than a beta of Microsoft’s latest IM client, users will download a virus file, BETA8WEBINSTALL.EXE. Once installed, the virus’ payload connects the users IM client to a botnet and sends download links to the virus file to everyone on the users contact list.
A Microsoft spokesperson told internetnews.com that this threat does not exploit a security vulnerability, but relies on significant user action to spread to all the contacts in a user’s MSN Messenger contact list.
Microsoft recommends that customers exercise extreme caution when accepting file transfers from both known and unknown sources.
By midday Wednesday December 28th, the original host Web site for the virus, msgrbeta8.com, had been taken offline. According to domain records, the domain itself was only registered a few days ago in the afternoon of Dec. 24th.
With the declining cost of domain registrations, “throw-away” domains have become a popular breeding ground for transmitting viruses by hackers. The msgrbeta8.com was apparently registered at http://www.namecheap.com/, which offers domain registrations for only $8.88.
The latest stable version of MSN Messenger is version 7.5, which launched at the end of August.
Hackers targeting MSN Messenger are certainly nothing new.
According to the IM Logic Threat Center, MSN Messenger has borne the brunt of IM attacks with 43.1 percent of all attacks.
In the last ninety days, the target has shifted to AOL’s Instant Messenger (AIM) which now bears 44.8 percent of attacks in comparison to MSN Messenger at 26.1 percent in the same period.