Wednesday, March 18, 2009

Offline Message Spam - Windows Live Messenger

There seems to be a problem with Windows Live Messenger being abused to send spam messages, sometimes called SPIM. What I have been noticing recently is that several of my contacts have apparently sent me 'offline' messages asking me to go to various websites. The usual format of these messages is:

yourContactsHandle says:
Tony and Julie told me today about this amazing new product called bugger berries, I tried them and they are great, you really should have a look at their website http://www.buggerberries.com/

These messages have appeared in various languages (usually the home language of the contact), and the website content has varied from a very genuine-looking site for said berries to blatant ActiveX exploits designed to infect your system.

When you call your contact on this they will usually deny all knowledge of sending the message, or may admit that several of their contacts have complained about receiving similar messages from them. There is absolutely no point getting angry at your contact about this; you could lose a friend who is not necessarily at fault. There is also no point in panicking about your system having been infected, unless you did actually click on the link and your anti-virus and anti-spyware systems are not up to date, in which case more fool you. If you didn't click the link you are unlikely to have been infected.

The precise cause of this SPIM seems to be a bit of a mystery; the likelihood is that it is your contact's system that has been compromised rather than your own. There are a couple of ways this could have happened to them. Their Windows Live Messenger login could have been compromised: perhaps their login details were phished by a spoof message, a keylogger on their system has relayed the login details to its server, or their password was so weak it has simply been guessed. Alternatively, their system has been infected by a bot that can access Windows Live Messenger. Clearly the first thing you need to persuade THEM to do is to change their Windows Live ID password; however, this on its own may not prove to be effective, especially if the culprit is a keylogger or a bot infection, since the new password can be captured or the bot can keep sending from the logged-in client. I have found only one product which purports to specifically target bots that abuse Windows Live Messenger, this is Clean Virus MSN, which supposedly can detect and repair 3,800 MSN virus variants; however, I cannot at this time validate its effectiveness in the case of this 'Offline Message Spam'.

At present there seems to be nothing definitive available to tackle this problem, and the problem itself appears to be escalating if the numerous blog messages and screams for help on technical boards are anything to go by, so here is my current advice regarding this problem:

1. Be very cautious about ANY offline message you receive from anyone, but especially from your trusted contacts, if it contains a link to a website. Before you click on any such link, get your contact to confirm that they sent the message.

2. Let your contact know that you received such a message from them, as it is more likely that their system has been compromised by a bot and they urgently need to run anti-virus and anti-spyware scans on their system as well as changing their Windows Live ID password.

3. Make sure your own anti-virus and anti-spyware software is up to date and is scanning regularly; if it doesn't scan automatically, it's time to do a manual scan.

4. If your contacts are telling you that you are the source of such offline spam messages, don't panic! Make sure your anti-virus software is up to date and running properly and do a spyware/bot scan using the very latest definitions. Personally I use AVG Free and Spybot Search & Destroy (also free) and have had no major infections, touch wood, for a long time. If your scans turn up anything at all, but particularly remote access trojans or keyloggers, you MUST change your passwords once you have cleaned the infection(s). Then it's time to apologise or simply explain what has happened to your contacts.
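The pattern described above (the same link arriving in 'offline' messages from several different contacts, in whatever language each contact normally writes) lends itself to a simple defender-side check. The following script is an added example written for this post, not code from the original article or from any Messenger tool; it assumes the messages have already been exported as (contact handle, message text) pairs, and the sample messages and the two-sender threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of received offline messages as (handle, text) pairs.
# The handles, texts and hosts are made up for this example.
SAMPLE_MESSAGES = [
    ("alice", "Tony and Julie told me today about this amazing new product called "
              "bugger berries, you really should have a look http://www.buggerberries.com/"),
    ("bob",   "Mira me ha hablado hoy de un producto increíble, echa un vistazo "
              "http://www.buggerberries.com/"),
    ("carol", "Are we still on for lunch on Friday?"),
    ("dave",  "My holiday photos are up at http://photos.example.org/dave"),
]

# Matches http/https links up to whitespace or a quoting character.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_hosts(text):
    """Return the lower-cased host names of every link found in a message."""
    hosts = []
    for match in URL_RE.finditer(text):
        host = urlsplit(match.group(0)).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def find_spim_campaigns(messages, min_senders=2):
    """Group messages by link host and return hosts that at least `min_senders`
    distinct contacts have sent. A link that several unrelated contacts push
    in 'offline' messages is the tell-tale sign described in the post; the
    check is language-independent because it keys on the link, not the text."""
    senders_by_host = defaultdict(set)
    for handle, text in messages:
        for host in extract_hosts(text):
            senders_by_host[host].add(handle)
    return {host: sorted(senders)
            for host, senders in senders_by_host.items()
            if len(senders) >= min_senders}


def triage(messages, min_senders=2):
    """Label each message: 'no-link' needs nothing, 'likely-spim' is part of a
    multi-sender campaign, and 'verify-with-contact' is a lone link that should
    be confirmed with the sender before clicking, as the post advises."""
    campaigns = find_spim_campaigns(messages, min_senders)
    labels = []
    for handle, text in messages:
        hosts = extract_hosts(text)
        if not hosts:
            label = "no-link"
        elif any(host in campaigns for host in hosts):
            label = "likely-spim"
        else:
            label = "verify-with-contact"
        labels.append((handle, label))
    return labels


if __name__ == "__main__":
    for host, senders in find_spim_campaigns(SAMPLE_MESSAGES).items():
        print(f"campaign link host {host} sent by: {', '.join(senders)}")
    for handle, label in triage(SAMPLE_MESSAGES):
        print(f"{handle}: {label}")
```

The threshold of two distinct senders is deliberately low because each recipient only sees their own contact list; raising it reduces false positives if you feed in a larger export. The 'verify-with-contact' label is the important one: a single link from a trusted contact is exactly the case where the post says to ask before clicking.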

I will be keeping an eye on this problem, and if any information surfaces on the precise cause and remedy for it I will post the information as soon as I have verified it.