Rumors of an official release of Windows Live Messenger 8.1 are circulating, but early adapters beware! Last week, the anti-virus company Sophos identified the existence of Troj/Msnfake-M, aka, MSN Live Password Stealer–a trojan horse that masquerades as the new release but in reality, is destructive.
Trojan horses are malware that pose as something beneficial (i.e., the latest release of Windows Live Messenger) to trick users into installing them. Once on your system, trojans can provide the attacker with remote “back door” access to the users system, return sensitive data like passwords or financial information, record keystrokes, and delete or destroy files.
As reported on Mess.be, “Various versions of the password stealer (up until v4) are currently being distributed via Torrents and can very easily be configured, renamed and passed on to victims. When executed, the trojan displays a fake Windows Live Messenger login prompt and any entered username and password is automatically saved into c:\pas.txt (default destination). For the next step, the hacker can decide to show an error message, just terminate the application or terminate it and launch the real client. He can retrieve the stored login details via a pre-set e-mail address.”
Sources indicate that Sophos has already updated virus definitions, and other anti-virus solutions such as Norton and McAffee are expected to do likewise.
How can you protect yourself from being a victim of a trojan horse? Running a firewall and up-to-date anti-virus software is a must, but not a panacea. Besides continuous monitoring of your system for malicious code, make certain you’re practicing safe downloading habits. Only download the MSN client (and other software) from the official client site or other reputable places. Most importantly, always be wary of suspicious .exe/.bat/.pif/ files. Don’t accept or execute these files unless you are certain they come from a trustworthy source.