Technology Explained for All
Spyware
ALERT: New Rogueware – This one can detect which browser you're using and customize the fake alert to match it
Sep 2nd
In a never-ending effort to inform the visitors to TGM, here is another ALERT concerning a new version of rogueware (Rogue:MSIL/Zeven, http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven) that can figure out which web browser you are using and then customize its fake message to look like that browser's own "this site is dangerous" warning page. As always, the reason these attacks work is the social engineering: most people don't know any better and assume that if a message pops up on their PC then "it must be true". Keep in mind that a real browser warning is drawn by the browser itself, not delivered by the website you just visited; a web page can only imitate it. The messages you see as a result of this rogueware are nothing more than a trick to get control of your PC.
The following article (written by Daniel Radu of the Microsoft Malware Protection Center) comes from the Microsoft TechNet Blog (LINK: http://blogs.technet.com/b/mmpc/archive/2010/09/01/rogue-msil-zeven-wants-a-piece-of-the-microsoft-security-essentials-pie.aspx). Pay close attention to what the fake alert looks like in each of the browsers: at the bottom of the message you get an "Upgrade to a reliable solution" offer, and that offer is the giveaway, because no real browser warning page tries to sell or install anything.
**************************************************************************************************************************************
Rogue:MSIL/Zeven wants a piece of the Microsoft Security Essentials pie
A new rogue has started making its appearance from compromised websites: Rogue:MSIL/Zeven (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven). We received a sample (70be8ca73142922fd78acf2aafa9f141a977f15a) and a URL and began our investigation.
Let us say from the beginning that the guys behind this rogue like to copy big-time. They start by auto-detecting what browser the user is currently using, and then faking the malware warning page if the browser is Internet Explorer, Chrome, or Firefox. This is meant to be a social engineering scheme in order to trick the user into downloading and installing the rogue, relying on the user’s trust of his day-to-day browser.
The similarity between the fake warning pages is so accurate that it can trick even highly trained eyes.
In the Firefox page, for example, you can see it’s not the real warning page because they misspelled ‘out’ and wrote ‘Get me our of here’.

Chrome

Internet Explorer

But for all three browsers, a common indication that you are not looking at the actual browser warning is the offer of some sort of an “update” or “solution”. All the “updates” point to a copy of MSIL/Zeven that promises to provide “a new approach to windows detection”. Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.
When installed, the product looks very genuine: it allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. These features are usually available in various legitimate antivirus solutions. However, the features don’t work; everything is there just to look nice, not to offer any kind of protection (just like in all other rogue antivirus programs).
Of course once it scans your computer it’s bound to claim it found something scary (malicious), as shown below:

As usual with rogue scanners, although it “found” malicious files, it claims it cannot delete them unless you update. That implies that you need to pay for the full version, which has the ability to download updates. However, these files are totally bogus; no such files exist in the user’s computer.
If you decide to buy the product, this rogue opens an HTML window enabled with ‘Safe Browsing Mode’ and high strength encryption to “help” and “protect” you while completing your purchase. Of course these features are totally worthless and don’t actually do anything in the way of securing your credit card details.
The main page of the rogue antivirus program itself looks awfully close to the Microsoft Security Essentials webpage – more copying from the bad guys. The people behind it have even copied the awards received by Microsoft Security Essentials and link to the Microsoft Malware Protection Center - pretty sneaky of them.
This is a screenshot of the rogue’s main webpage:

And, by way of contrast, this is a screenshot of the genuine Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) page:

It seems that these guys want to profit on the good reputation and success of Microsoft Security Essentials in order to make money – but we remind our customers that Microsoft Security Essentials can be downloaded at no cost. And it really does protect your computer from malware!
We detect both the downloader of the rogue and the rogue itself as Rogue:MSIL/Zeven (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven).
Until our next encounter: browse safely!
Daniel Radu
MMPC Dublin
Facebook: ALERT – New malware attack using Facebook. DON'T CLICK ON “Most Hilarious Video Ever” wall posts.
May 31st
It seems that recently Facebook has been at the center of many web issues. Unfortunately this trend seems set to continue, as we now have a new Facebook attack whose goal is to steal your credentials (and thereby take over your account) in addition to downloading malware onto your PC. If you see any wall post about the “Most Hilarious Video Ever”, DO NOT CLICK on it. If it's on your own wall, delete the post. If you have already clicked on the link (fallen for the post), immediately go to your account settings and change your password; while you are there, review the applications you have authorized and remove any you don't recognize, because the attack described below also gets you to approve a Facebook application.
The following information comes from the Websense Security Labs blog (LINK: http://community.websense.com/blogs/securitylabs/) concerning this new Facebook attack; the original Websense post also includes a video showing how the attack happens.
Posted: 28 May 2010 09:11 PM
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/1106.facebook_5F00_hilarious_5F00_1.png)
We predicted that this attack would happen again and unfortunately we were right.
This attack is different from the previous weekends' attacks: not only do the attackers try to steal your Facebook credentials, but what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page looks like the real thing, except of course that if you look at the address bar you can see you’re not on facebook.com. But users can easily be tricked into thinking that they were temporarily logged out of Facebook and have to log in to continue.
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/4478.facebook_5F00_hilarious_5F00_4.png)
Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you’re taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it’s similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.
If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines (http://www.virustotal.com/analisis/ba220931f0993b752cc9cc25d449904646528fee138ace928f027bb643f3b61e-1275104977), as can be seen in the screen shot:
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/3755.facebook_5F00_hilarious_5F00_2.png)
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/0842.facebook_5F00_hilarious_5F00_2.png)
However, if you’re coming from a UK IP address you’re taken to a quiz where you have to answer 10 questions.
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/4617.facebook_5F00_hilarious_5F00_3.png)
Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they’re after your information in addition to your Facebook credentials from the fake login page.
(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/8512.facebook_5F00_hilarious_5F00_5.png)
It’s very likely that the behavior differs from the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK, but regardless of where you are connecting from you shouldn’t click on the fake video, and never, ever give your Facebook username and password to a website that is not facebook.com. We also recommend that you install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com
Alert: How to deal with rogueware when it tries to load on your computer.
May 18th
While surfing the web today I ran across another version of the installer that tries to load a FAKE antivirus program (Antivirus 2010 is one of the most common names). The following can come up if you visit an infected website. The site that triggered these pop-ups is a well-known site, so do not assume that just because you are on a MAJOR website you are not at risk.
What to look out for
As soon as you get to the website, the following pop-up appears. This is why it is important to read messages before clicking OK.
What you probably won't see (unless you drag the window above around the screen) is the little window (shown below) that opens directly behind the main window. If you expand the little window you will see that it's for 1anetantispy.
If you click on the OK button above you will get infected.
What to do if you see the AV check Window
1 – DO NOT CLICK ON ANY OF THE POP-UP WINDOWS, not even their Cancel or close buttons. The whole "dialog" is web content controlled by the attacker, so any button on it can start the download.
2 – On your computer click the Start button –> click Run (or type Run in the search box) –> once you get the Run box, type taskmgr into it and press OK. (Ctrl+Shift+Esc also opens Task Manager directly.)
3 – This opens the Windows Task Manager. Look for all items that involve the browser you are using (in the example below, it's Internet Explorer). Highlight each item and click End Task, and repeat until all the browser windows have closed. Closing the browser this way, rather than through its own window, means you never have to click anywhere near the fake alert.
4 – Clear the browser's history so it does not reopen the infected page or restore the session when you start it again. (A) If you are using Internet Explorer go to Tools –> Internet Options –> and under Browsing history click Delete. (B) If you are using Firefox, go to Tools –> Clear Recent History (also reachable from Options –> Privacy).
Alert: Desktop Security 2010 – another rogueware program which seems to be spreading fast. This is NOT something you want on your PC.
May 16th
Job security is the probability that an individual will keep his or her job, and with the rate of computer clean-up that I have to do, which unfortunately seems to be going up and not down, I think I have job security for a while (honestly, this is not the kind of job security that I want). We have had many posts on TGM about viruses, spyware and rogueware, yet the “my computer is infected” calls continue to come in, as people continue to fall for the tricks that get them infected.
The latest rogueware infection is called DesktopSecurity2010. What happens if you get infected with DesktopSecurity2010:
- DesktopSecurity2010 is an adware program that warns users of non-existent threats on their computers so that they will purchase a certain program that supposedly removes them.
- Additionally, in order to make users think their computer really is infected, it displays a warning message when the computer is restarted, and from time to time the screen fades to black or blinks with different colors.
- DesktopSecurity2010 can reach the computer when the user visits certain websites that display banners or pop-up windows leading to the download of this program. It can also arrive via a link received in spam messages, on fraudulent websites, etc.
What to look out for when web surfing
DesktopSecurity2010 is easy to recognize, as it shows the symptoms below (these are some possible symptoms; you can still be infected without seeing them):
- It reaches the computer in a file with the following icon:
- When it is run, a screen to install the program is displayed:
- Once installed, it starts to carry out a system scan in search for possible malware and once finished, it displays warning messages informing users that the computer is infected:
One of the known ways the rogueware gets installed
The following post on the PandaLabs site (LINK: http://pandalabs.pandasecurity.com/making-new-friends%e2%80%a6/) shows one of the ways you can get infected. Two of the clean-up jobs I had to do this past week occurred because the user fell for a greeting card email exactly as described below (confirmed).
Making new friends…
- Posted on 05/13/10 by Olaiz
I’m very happy because I’ve received a greeting card via email from a new friend, though it’s not my birthday, my saint’s day or anything like that.
Look what a nice card I’ve received:

Besides, it has been sent from 123greetings, which is a legitimate website for downloading and sending cards, so it must be trustworthy.
I’ve clicked the picture in the message and I’ve been redirected to the website http://luxxxx.googlegroups.com/web/setup.zip, but I can’t see any greeting card here, only a Google Groups page containing a link… maybe I have to follow the link in order to view it…
There’s no way. I can only see the window of an antivirus called DesktopSecurity2010 (http://www.pandasecurity.com/homeusers/security-info/218297/DesktopSecurity2010) informing me that my computer is infected and that I have to pay for the license in order to eliminate the malware. I think that I got infected and have neither a greeting card nor a new friend…
Now, talking seriously, yesterday we commented how this false antivirus was using Google Groups users (with malicious intentions) to be distributed. In fact, the URL from which the rogueware is downloaded is like the following:
http://Google Groups user.googlegroups.com/web/setup.zip
Some of these users are felixss, gorlum or misterxyz.
Google has reacted to this and has started blocking these malicious accounts. So, if you try to access any URL that uses one of these accounts, the following message is displayed, informing you that the user cannot be found:

Even so, some malicious accounts may still be active, so don’t trust messages like this and don’t follow any link like those we’ve previously mentioned in this post.
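The distribution pattern PandaLabs describes (a fixed path, /web/setup.zip, under a per-account googlegroups.com hostname) is narrow enough to hunt for in web proxy logs. The script below is an added example written for this page, not tooling from PandaLabs or Panda Security: it flags any .zip or .exe fetched from /web/ on a *.googlegroups.com host, which deliberately broadens the match beyond the single filename the post shows, and marks whether the account is one of the three named above. The log lines are constructed for the example in a simplified "timestamp client method url status" layout.

```python
"""Spot the <account>.googlegroups.com/web/setup.zip distribution pattern in proxy logs.

Added example (not from the PandaLabs post). The regex is widened to any .zip
or .exe under /web/ on a *.googlegroups.com host, which goes beyond the single
filename the post shows. The log lines below are constructed for this example.
"""
import re
from typing import Iterable, List, NamedTuple

# Accounts the PandaLabs post names as abusing Google Groups file hosting.
KNOWN_ACCOUNTS = {"felixss", "gorlum", "misterxyz"}

GG_DOWNLOAD = re.compile(
    r"https?://(?P<account>[a-z0-9][a-z0-9_-]*)\.googlegroups\.com"
    r"/web/(?P<file>[^\s\"'?#]+\.(?:zip|exe))\b",
    re.IGNORECASE,
)


class Hit(NamedTuple):
    client: str
    account: str
    filename: str
    known_account: bool


def scan_proxy_log(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per log line that fetched an archive or executable from a
    Google Groups user host. Lines that do not match are skipped."""
    hits: List[Hit] = []
    for line in lines:
        m = GG_DOWNLOAD.search(line)
        if not m:
            continue
        fields = line.split()
        client = fields[1] if len(fields) > 1 else "?"  # layout: ts client method url status
        account = m.group("account").lower()
        hits.append(Hit(client, account, m.group("file"), account in KNOWN_ACCOUNTS))
    return hits


# Constructed sample log (not real traffic); fields: timestamp client method url status
SAMPLE_LOG = [
    "2010-05-13T10:02:11 192.0.2.10 GET http://felixss.googlegroups.com/web/setup.zip 200",
    "2010-05-13T10:02:14 192.0.2.11 GET http://groups.google.com/group/example-list 200",
    "2010-05-13T10:05:40 192.0.2.12 GET http://luxxxx.googlegroups.com/web/setup.zip 200",
    "2010-05-13T10:06:02 192.0.2.13 GET http://someuser.googlegroups.com/web/notes.txt 200",
    "2010-05-13T10:07:55 192.0.2.14 GET http://gorlum.googlegroups.com/web/Setup.EXE 404",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        flag = "KNOWN-BAD account" if hit.known_account else "unlisted account"
        print(f"{hit.client} fetched {hit.filename} from {hit.account}.googlegroups.com ({flag})")
```

An unlisted account still produces a hit: the point of matching on the hosting pattern rather than on the three names is that new accounts keep appearing after Google blocks the old ones, exactly as the post warns. A 404 is reported too, since the attempt itself tells you which client clicked the link.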
So what can you do to help protect yourself?
- If you get a link, email or instant message asking you about or telling you about something you were not expecting, even if it seems to be from someone you know, DO NOT TRUST IT! If you get a message from grandma saying "check out the new pictures I uploaded" and you realize she is 80 years old, ask yourself: does grandma really know how to upload pictures? It only takes a minute to call the person and ask "did you send me the ….. message?" If they did, they will tell you instantly. If they didn't, they will be the first to say "What are you talking about?"
- Because of Twitter, link-shortening services seem to have become the norm. The problem is that a link such as http://bit.ly/dr9Ucz could lead anywhere; the shortened form tells you nothing about where you will end up. How do you know whether it is a safe link or not? Again, even if the link is sent to you by someone you know, DO NOT TRUST IT unless you were specifically expecting it. For the record, http://bit.ly/dr9Ucz is actually a link to techgeekandmore.com, and TGM does not post shortened links on the TGM site, because we want you to know where you are clicking to. One thing you can do to check shortened links is to visit a site that expands them and shows you the final destination before you go there. (If you use one of these link expander services and copy the link, be careful to copy it and NOT accidentally double-click on it.) Some of the sites you can use to expand links:
-> LongURL (LINK: http://longurl.org/), PrevURL (LINK: http://www.prevurl.com/index.php), ExpandMyURL (LINK: http://www.expandmyurl.com/), URL Snoop (LINK: http://urlsnoop.com/), Sucuri.net (LINK: http://sucuri.net/?page=tools&title=check-url). At all of these sites, enter the shortened URL and click to find out where the link will lead.
-> In addition, if you use Firefox to browse the web, you can install LongURLPlease (LINK: http://www.longurlplease.com/) or LongURL (LINK: http://longurl.org/tools), which are Firefox browser extensions that automatically preview the destination URL for shortened links from just about any shortener you can name.
- As always, make sure that your PC is up to date with all the latest Windows Updates and that your antivirus, your Java installation, your Adobe Flash Player and your PDF reader are all updated. Most viruses, spyware and rogueware get into your computer by exploiting unpatched flaws in exactly these programs, so keeping them current closes the door they rely on. You can use sites like FileHippo (LINK: http://www.filehippo.com/) to check that your programs are up to date.
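Here is what the link-expanding services above do under the hood, as an added example written for this page (it is not code from TGM or from any of the services listed): walk the redirect chain one HEAD request at a time with automatic redirect-following turned off and a hop limit, so the destination page is never downloaded, and then check whether the final hostname really is the domain you expected. The hostname check matches whole labels from the right, so it also rejects look-alike hosts such as facebook.com.something.example, which is the trick the fake Facebook login page described earlier on this page relies on. The fetcher is injected so the demo runs offline against a constructed chain; the hostnames sho.rt, redirector.example and login-check.example are made up, and the exact target of the bit.ly link is assumed to be the TGM front page.

```python
"""Expand a shortened URL hop by hop and check where it really lands.

Added example (not part of the original post or of any of the expander
services mentioned). Each hop is requested with HEAD and redirects are NOT
followed automatically, so the destination page is never downloaded. The
fetcher is injectable so the demo below runs offline against a constructed
redirect chain.
"""
from http.client import HTTPConnection, HTTPSConnection
from typing import Callable, Dict, List, Optional
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # shortener -> tracker -> landing page is typical; far more is suspicious


def live_fetch_head(url: str) -> Optional[str]:
    """Send one HEAD request; return the absolute redirect target, or None at the final hop."""
    parts = urlsplit(url)
    conn_cls = HTTPSConnection if parts.scheme == "https" else HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=10)
    try:
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "url-expander/1.0"})
        resp = conn.getresponse()
        location = resp.getheader("Location")
        if 300 <= resp.status < 400 and location:
            return urljoin(url, location)  # Location may be relative
        return None
    finally:
        conn.close()


def expand(url: str, fetch_head: Callable[[str], Optional[str]] = live_fetch_head) -> List[str]:
    """Return every URL in the chain: first the short link, last the real destination."""
    chain = [url]
    seen = {url}
    for _ in range(MAX_HOPS):
        nxt = fetch_head(chain[-1])
        if nxt is None:
            return chain
        if nxt in seen:
            raise ValueError(f"redirect loop at {nxt}")
        seen.add(nxt)
        chain.append(nxt)
    raise ValueError(f"more than {MAX_HOPS} redirects; refusing to continue")


def is_under_domain(url: str, registered: str) -> bool:
    """True only if the URL's host is `registered` or a subdomain of it.

    A plain substring test would accept facebook.com.evil.example; matching
    whole labels from the right does not.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    registered = registered.lower()
    return host == registered or host.endswith("." + registered)


# Constructed redirect chain for offline use. The bit.ly entry reflects what the
# post says that link resolves to (exact target path assumed); every other
# hostname here is invented for this example.
FAKE_CHAIN: Dict[str, str] = {
    "http://bit.ly/dr9Ucz": "http://www.techgeekandmore.com/",
    "http://sho.rt/abc": "http://redirector.example/go?id=7",
    "http://redirector.example/go?id=7": "/landing",  # relative Location header
    "http://redirector.example/landing": "http://facebook.com.login-check.example/",
}


def fake_fetch_head(url: str) -> Optional[str]:
    nxt = FAKE_CHAIN.get(url)
    return urljoin(url, nxt) if nxt else None


def report(short_url: str, expected_domain: str,
           fetch_head: Callable[[str], Optional[str]] = live_fetch_head) -> dict:
    """Expand the link and say whether it ends up on the domain the user expected."""
    chain = expand(short_url, fetch_head)
    return {"chain": chain, "final": chain[-1],
            "trusted": is_under_domain(chain[-1], expected_domain)}


if __name__ == "__main__":
    r = report("http://sho.rt/abc", "facebook.com", fake_fetch_head)
    for hop in r["chain"]:
        print(" ->", hop)
    print("lands on expected domain:", r["trusted"])
```

Two design points matter for safety: the loop never issues a GET, so nothing on the final page (a drive-by exploit, a fake "FLV Player" download prompt) is ever executed, and a chain that loops or exceeds the hop cap is treated as an error rather than silently reported as its last hop.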
What to do if you do get infected
If you still get infected, you can use SUPERAntiSpyware and Malwarebytes to clean your machine; I recommend downloading both before you get any infection. Run them on a regular basis (regular = once a week or so), even if your computer does not show any signs of issues.
To download both programs I recommend using Ninite (LINK: http://ninite.com)
If you would like to see more information on Ninite you can see the TGM post http://www.techgeekandmore.com/2009/12/25/software-two-must-haves-for-the-new-pc-pc-decrapifier-and-ninite/
If after running SUPERAntiSpyware and Malwarebytes you are still infected, you will need to use a PE (Preinstallation Environment) boot disk: a bootable rescue CD that runs its own copy of Windows from the disc, so the infected installation on your hard drive is never started and the rogueware cannot hide from or block the clean-up tools. The PE disk that TGM recommends is UBCD4Win (LINK: http://www.ubcd4win.com). The how-to for UBCD4Win can be found at http://www.ubcd4win.com/howto.htm
Alert: Fake Facebook email – it's another trick to get you to download a virus.
Mar 22nd
Another “old friend” seems to be making an email visit again. People have started getting the following email claiming that “The Facebook Team” has reset their password and that they have to open the attachment to get the new one….
***********************************************************************************************************
Facebook Password Reset Confirmation NR.2033
From: The Facebook Team | Date:
17/03/2010 8:09 AM | Email
To: xxxxxxx@xxxxxx.com
Attachments: Facebook_password_2264.zip (62 KB)
Hey xxxxxx ,
Because of the measures taken to provide safety to our clients, your
password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team.
***********************************************************************************************************
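The email above has two tells that can be checked mechanically rather than by eye: the display name claims to be Facebook while the actual sender address is not under a Facebook domain, and a "password" is being delivered inside a zip attachment. The script below is an added example written for this page, not something from Facebook or from the original post. Both sample messages in it are constructed; in particular the sender address noreply@example.net is an assumption, since the post does not show the real one, and the list of domains treated as legitimately sending Facebook mail is illustrative.

```python
"""Triage a "your new password is in the attached file" notification email.

Added example (not part of the original post). It flags the two tells in the
email quoted above: a display name that claims to be Facebook while the actual
sender address is outside Facebook's domains, and a password "delivered" in an
archive attachment. The sample messages are constructed; the sender address
noreply@example.net is an assumption because the post does not show it.
"""
import email
import email.policy
import email.utils
from email.message import EmailMessage
from typing import List

# Attachment types a notification email has no legitimate reason to carry.
RISKY_EXTENSIONS = {".zip", ".rar", ".exe", ".scr", ".pif", ".com", ".bat", ".js"}

# Brand words seen in display names, mapped to the domains assumed (for this
# example) to legitimately send mail for that brand.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}


def under_domain(host: str, registered: str) -> bool:
    """Whole-label suffix match: facebookmail.com yes, facebook.com.evil.example no."""
    host = host.lower().rstrip(".")
    return host == registered or host.endswith("." + registered)


def triage_message(raw: bytes) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings: List[str] = []

    # 1. Display name claims a brand, but the address is not under that brand's domains.
    display_name, address = email.utils.parseaddr(str(msg["From"] or ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name.lower() and not any(under_domain(sender_domain, d) for d in domains):
            findings.append(f"display name claims '{brand}' but sender domain is '{sender_domain or '(none)'}'")

    # 2. Archive or executable attachments.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")

    # 3. Body text that tells the reader a password is waiting in the attachment.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    if "password" in body and "attach" in body:
        findings.append("body says the new password is in the attachment")

    return findings


def build_phish_sample() -> bytes:
    """Constructed reproduction of the quoted email (sender address invented)."""
    msg = EmailMessage()
    msg["Subject"] = "Facebook Password Reset Confirmation NR.2033"
    msg["From"] = '"The Facebook Team" <noreply@example.net>'
    msg["To"] = "xxxxxxx@xxxxxx.com"
    msg.set_content(
        "Hey xxxxxx,\n\nBecause of the measures taken to provide safety to our clients, your\n"
        "password has been changed.\nYou can find your new password in attached document.\n\n"
        "Thanks,\nThe Facebook Team.\n"
    )
    # A few bytes with a zip signature stand in for the real malicious archive.
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="zip", filename="Facebook_password_2264.zip")
    return msg.as_bytes()


def build_benign_sample() -> bytes:
    """Constructed benign notification for contrast: plausible sender, no attachment."""
    msg = EmailMessage()
    msg["Subject"] = "You have a new friend request"
    msg["From"] = "Facebook <notification@facebookmail.com>"
    msg["To"] = "xxxxxxx@xxxxxx.com"
    msg.set_content("Someone sent you a friend request. Log in at facebook.com to respond.\n")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("phish", build_phish_sample()), ("benign", build_benign_sample())):
        print(label, "->", triage_message(raw) or ["no findings"])
```

The sender-domain check is only as good as the From header, which the Facebook material later on this page notes can be spoofed; it catches the lazy forgery shown here, while a spoofed facebook.com address would still be caught by the attachment and body checks, which is why the three are combined rather than relying on any one of them.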
Considering how many calls and messages I've gotten today about infected machines, I know people are falling for it. So let's start with a simple lesson: FACEBOOK DOES NOT RANDOMLY CHANGE USERS' PASSWORDS, AND IT DOES NOT EMAIL YOUR UPDATED INFORMATION TO YOU IN AN ATTACHMENT. SO DON'T OPEN THE ATTACHMENT IF YOU GET THIS EMAIL. A password reset you never asked for, a zip file that supposedly contains a password, and a “From” line that anyone can forge are each a red flag on their own; together they leave no doubt. OK, with that being said, here are some tips for using Facebook (directly from the Facebook Security page http://www.facebook.com/security?ref=blog#!/security?v=app_7146470109&ref=mf)
When we talk about security, we’re talking about scams, viruses, and hacks that could infect your computer or take over your Facebook account and result in a lot of annoyance for you and your friends.
Security isn’t just an issue on Facebook, but all over the web, which is why it’s important to be aware online, and to learn how to protect your accounts and your computer.
Here are some ways to be smart and aware on Facebook and across the Internet:
- Use different passwords for your various online accounts. If you use the same password everywhere, and it’s stolen, you could lose access to all of your accounts at once.
- Be wary of where you enter your password. Just because a page on the Internet looks like Facebook or another site you use, it doesn’t mean that it is. Check the address bar in your browser, and learn to tell the difference between a good URL and a bad one. If you ever have doubts about the legitimacy of a link, simply type the website’s URL (for example, http://www.facebook.com) into the address bar.
- Don’t share your passwords with anyone. Don’t do it. Most reputable online services will never ask for your password through any form of communication.
- Don’t click on links or open attachments in suspicious emails. If the email looks weird, don’t trust it, and delete it from your inbox immediately.
- Use a complex password that can’t be easily guessed. Avoid common words, and make sure your password is at least eight characters long and includes capital and lower case letters, numbers, and symbols.
- Be suspicious of any email or message that contains an urgent request or asks you to update your information or provide new information.
- Be suspicious of emails or messages that contain misspellings or use bad grammar, especially if they’re from someone who is usually a good writer.
- Make sure you have an up-to-date web browser equipped with an anti-phishing blacklist. Some examples are Internet Explorer 8.0 and Firefox 3.0.10.
- Make sure you have up-to-date comprehensive security software on your computer that includes anti-virus, anti-spyware, anti-phishing, and a firewall.
- Make sure you’ve set your operating system to update automatically.
- Make sure you’ve listed a security question and answer for your online accounts. This will come in handy if you ever lose access and need to prove who you are. You can do this on Facebook from the Account Settings (https://register.facebook.com/editaccount.php) page. You should also add a mobile phone number from this page (http://www.facebook.com/mobile/?settings), which will help if we ever need to send you a text message to confirm your identity.
- Remember that you choose what you share and with whom you share it. Think before you post, especially if the information is sensitive or personal in nature. You can learn more about how to control your information on Facebook, including how to choose an audience for each and every post you make, in our Privacy Guide (http://www.facebook.com/privacy/explanation.php)
In addition, here are some known threats that you can run into while using Facebook (also directly from the Facebook Security page http://www.facebook.com/security?ref=blog#!/security?v=app_4949752878&ref=mf)
Spammy Wall Posts, Inbox Messages, and Chat Messages
When criminals gain access to a Facebook account, they usually post spammy comments on friends’ Walls, or send spammy messages through Inbox or Chat. These messages ask you to click on a link and often try to entice you by claiming there’s a new photo or video of you somewhere on the Internet that you need to check out. The link then takes you to a phishing (http://en.wikipedia.org/wiki/Phishing) site that asks you to enter your login information, or a malware (http://en.wikipedia.org/wiki/Malware) site that prompts you to download malicious software.
Don’t click on strange links in posts or messages, even if they’re from friends. If it seems weird for an old friend to write on your Wall or send you a message, it’s possible that the person’s account has been taken over by a spammer. Be particularly cautious of posts or messages that contain misspellings or use bad grammar.
Money Transfer Scams
Scammers sometimes post status updates, or send Inbox or Chat messages, from a friend’s account claiming that the friend is in some difficult situation and in need of money. These messages ask you to help by wiring funds through a money transfer service.
Never send money without first verifying the story through some other means, such as by talking to the person over the phone. If a friend’s account has been taken over, contact us (http://www.facebook.com/help/?faq=14257) so that we can block access. If you’ve sent money, report it to the money transfer service, and, if you’re in the United States, the Federal Trade Commission (http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt034.shtm) or the Federal Bureau of Investigation (http://www.ic3.gov/default.aspx). You’ll find more tips and a complete transcript of a real conversation with a scammer here (http://www.facebook.com/note.php?note_id=96651525765).
Fake Notification Emails
Spammers and scammers sometimes send phony emails that have been made to look like they’re from Facebook or another reputable website. These emails can be very convincing, and the “From:” field can even be spoofed to include “Facebook” or “The Facebook Team.”
If an email looks strange, don’t click on any of the links in it, and delete it from your inbox immediately. Be especially wary of emails that ask you to update your account, tell you to open an attachment, or warn you to act quickly before something happens.
Chain Letters and Messages from Phony Facebook Employees
You might occasionally see a status update or message making some claim about Facebook and urging you to take an action. Examples include:
- Facebook is becoming overpopulated.
- Facebook is going to start charging money.
- Certain users have special access to profile information.
- Facebook is selling your data.
Sometimes, these come from people claiming to be Facebook employees who then ask you to provide your password or other personal information.
If a status update or message doesn’t look right, don’t believe it. Disregard it, and tell your friends that it’s phony. If someone pretending to be a Facebook employee asks you for your password, don’t give it out, and report the person immediately by clicking the report link either on the message or the person’s profile.
For more information about Facebook site governance and privacy, check out these documents:
Facebook Principles (http://www.facebook.com/principles.php)
Statement of Rights and Responsibilities (http://www.facebook.com/terms.php)
Privacy Policy (http://www.facebook.com/policy.php)
Suspicious Applications
Facebook has strict policies (http://developers.facebook.com/policy) for developers to help make sure that applications don’t misuse your data. While most applications play by the rules, you may occasionally come across one that doesn’t quite look right.
Use caution when interacting with applications. If you think an application is violating our policies, report it to us through the link on the application’s About page. You may also want to block the application by clicking the “Block” link on its About page.
Now that you have seen the information directly from Facebook, let me add one more thing. I will acknowledge that having to chase down and fix computers for people who fall into the traps above (as well as other known internet virus/malware/rogueware traps) is job security. Seriously, this is not the type of job security I had in mind.