MSN Credentials Theft

December 6, 2008


My MSN honeypot has just caught another classic MSN credentials theft.

The method used is the classic offline message sent by an already compromised contact.

Here is the message:


Xxx writes:
Xxx check out these awesome pics from the awesome party LOL

__________________________ presents a classic form that asks for:

MSN E-Mail

MSN Password

and, as usual, the already-seen disclaimer (please refer to my previous MSN-related blog posts).

Now let’s investigate this domain a bit.

ICANN Registrar: ENOM, INC.
Created: 2008-12-04
Expires: 2009-12-04
Updated: 2008-12-04
Registrar Status: clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM (has 151,962 domains)

IP Address:
IP Location Hong Kong – Hong Kong (sar) – Hong Kong – Ta_kung_pao

And finally, we can see that it is Whois protected:
Domain name:

Registrant Contact:
WhoisGuard Protected ()
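
The registration details above (created two days before the message arrived, one-year term, hidden registrant) are the kind of signals a mail or IM filter can score automatically. The following is an added example, not code from the original post: it parses a WHOIS summary in the format shown and lists the signals present. The function names, the marker list and the 30-day and 366-day thresholds are assumptions, and the domain name is left out because the post redacts it.

```python
from datetime import date

# Constructed sample: the WHOIS fields quoted in the post, with the
# registrant value joined onto its label line. Domain name omitted (redacted).
SAMPLE_WHOIS = """\
ICANN Registrar: ENOM, INC.
Created: 2008-12-04
Expires: 2009-12-04
Updated: 2008-12-04
Registrar Status: clientTransferProhibited
Registrant Contact: WhoisGuard Protected ()
"""

# Assumed markers for privacy/proxy registrations; extend as needed.
PRIVACY_MARKERS = ("whoisguard", "privacy", "proxy", "protected")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record[key.strip().lower()] = value.strip()
    return record


def triage(record, seen_on, max_age_days=30, max_term_days=366):
    """Return the phishing-style signals present in a parsed WHOIS record."""
    signals = []
    created = date.fromisoformat(record["created"])
    expires = date.fromisoformat(record["expires"])
    age = (seen_on - created).days
    if 0 <= age <= max_age_days:
        signals.append(f"registered {age} day(s) before first sighting")
    if (expires - created).days <= max_term_days:
        signals.append("minimum registration term")
    registrant = record.get("registrant contact", "").lower()
    if any(marker in registrant for marker in PRIVACY_MARKERS):
        signals.append("registrant hidden behind a privacy service")
    return signals


if __name__ == "__main__":
    # Sighting date taken from the date of the post, 2008-12-06.
    for signal in triage(parse_whois(SAMPLE_WHOIS), date(2008, 12, 6)):
        print("-", signal)
```

None of these signals is conclusive on its own; they are most useful combined with the lure itself, here a link delivered by offline message that leads to a credential form.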