Security tip on your messenger (avoid sending spam)

For some months now, I've been warning my friends about clicking links in messenger notes dropped in their computers. If you use Windows Live Messenger or any other major instant messaging software (yes! Even Gmail or Yahoo messenger can be affected).

How does this work? Well, so far, after reading many websites and possible solutions, running some security programs and talking to several people, my take is that these persons that are sending (inadvertently) spam via messenger are not conscious about it.

The final solution I've been giving to my fellow friends that get "infected" is to change their password. For those of you not very close to the Windows Live "internals", this account is the same for Messenger, Hotmail, Spaces and all of the Windows Live services.

The current attack starts to send messages informing you of promotions, nice photos, vacation plans or can even be very tricky on the content of the messages, aiming to a technique called "social engineering", where the attacker tries to get victims by fooling them to give him legitimate information.

I'm still not sure what happened today, or how it happened to me, but around noon, my messenger closed and when I logged in again, my picture and text were lost.

Unbeknownst of me, I was being attacked by this "thing" (I'm not sure how to call it). As I recommend to my fellow friends, I proceeded to change immediately my Windows Live ID's password (going into Hotmail, or home.live.com and clicking Options) and it seems that the problem is solved.

Now… how could I get hacked if I'm so cautious about using my personal data on the Internet? I was handling several theories about the attacks my friends were suffering:

1. They followed one of the links they received and installed some kind of malware that took their passwords
2. They installed an "add-on" to messenger (there are plenty of them offering to show you who blocked you out of their contacts lists) and it resulted to be a trojan.
3. They installed a messenger replacement for any reason and that program let their passwords vulnerable.
4. They used their credentials in a public computer that might have had the infection, making their accounts vulnerable.

What is funny in every case is that after checking thoroughly my friends' computers I could not find any clue of any virus infection, so options 1 and 2 seemed less probable.

Anyway, the result is annoying… several months ago, it only sent messages which the recipient could easily ignore, but now it is even making noises and sending nudges or buzzes with the messages, making the spam even more noticeable.

In my case, it seems to be option 3. But it was not MY computer what got attacked.

In my mobile phone I use an application called Fring. I've been a long time user of this app because it allows me to congregate my Windows Live Messenger, Gtalk, Skype , Facebook, my SIP phone and other contacts in only one program allowing me to chat and call them as if it were with the original apps. My stake so far is that the software is not doing a good job in protecting my passwords, so it might be time to switch to a different replacement for these systems in my mobile phone. Anyway, I reported the fact to them, let's see what they tell me.

Keep in mind the four points I depicted here… don't do the fool and let your privacy be in the wrong hands!

(The image in this post was taken from http://www.newport-refugees.org.uk/activities/Safe%20-%20A%20Haven%20for%20World%20Music.jpg)