14 DAY TRIAL // A hacking tool advertised as being capable of enabling users to hack Windows Live accounts and grab Windows Live Messenger passwords is actually used by attackers to spread their malicious code. According to BitDefencer, HackMSN.exe will not only not permit users to recover Windows Live passwords, but will instead infect them will malware, namely the Backdoor.Bifrose.AADY.
“This piece of malicious code affects Windows platforms. The malware injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system,” BitDefender’s Ioana Jelea stated. “Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various pieces of software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.”
According to the security outfit, the so-called Windows Live Messenger hack tool is being spread to an email campaign. Obviously, a social engineering tactic is employed in order to get unsuspecting victims to infect their machines with the Backdoor Trojan, in order to have their personal data stolen. Below is the message that attackers are using in emails designed to spread HackMSN.exe and Backdoor.Bifrose.AADY. It’s obvious from the various errors in the text that the email is nothing more but a part of a social engineering strategy to steal sensitive user data.
“We have a tool called Windows Live Messenger Password Recovery, this tool can be used to recover lost or forgotten passwords of Windows Live Messenger, Windows Live Mail, Windows Messenger and MSN Messenger too,” reads an excerpt of the message employed to convince users to run HackMSN.exe and compromise their machines.
“This tool could be used by hackers to hack MSN passwords, it should not because Windows Live password hacking is illegal!. This tool is designed primarily for the use of the owners to hack their own Windows Live accounts when they forgot or lost their MSN password. This tool could also be used by forensic scientists to hack MSN password stored on the local system. This is only valid for those cases when after clicking the ‘Sign-in’ button in your MSN or Windows Live messenger you are able to login without having to enter your password,” it is added in the email.
Windows Live Messenger 14.0.8117.416 is available for download here.