Another IM Virus

I saw this IM virus for the first time today:

WARNING – Don’t go to the URLs listed in this post, due to possible malware and NSFW content.

[Image: Another IM virus on Windows Live Messenger]

Followed a few minutes later by:
[Image]

That’s from one of my sisters (so I see some phone support in my future). She’s not signed in, so that’s a dead giveaway right there.

At any rate, the domain information for “undelivered-emails.com” is cloaked:

[Image: WHOIS lookup from DNSStuff.com]

Pinging either domain name resolves to the IP address 121.127.225.137, which is in Hong Kong:

[Image: IP address lookup from DNSStuff.com]

As a test, I used a canary virtual machine to see if AVG Free 8.5 would block either of these sites – it didn’t.

BOTTOM LINE
Protection is necessary, but you can’t patch for everything. It comes down to end-user education. If you’re responsible for the computers in your company (or in your home if you’re a parent), you need to let folks know about IM vectors of infection and other threats. Spend the time educating, or spend a lot more time afterwards cleaning up.

TIP
One thing I do to encourage end users to “Call Before Clicking” centers around recognizing them when they make smart web surfing decisions. Example – picking up the phone immediately when getting a “your computer is infected with xyz” pop-up instead of trying to close the window.

To assist with this, I have a Microsoft Word document that I can edit called the “Safe Computing Award”. I customize it with the name of the client / employee and send it to them via email when they do something that avoids getting their computer infected. Sample below:

[Image: Safe Computing Award]

It just takes a minute or two to update the Word doc, PDF it and email it to the customer, and they have always been well received.

A little positive reinforcement goes a long way. 🙂
