Jenni Messenger Bot


Jenni is some sort of messenger bot/virus/account hijacking bitch. I’ve located the bot on some other websites, it appears to do the same thing to other people. Here’s what they don’t tell you.

A friends account got hijacked by this thing recently, so I thought I would do some digging. I notified him of it, but he failed to fix it. It was signed in for a good week or so on my block list.Before you assume my computer, or his, is infected, I’m testing all of this on a Virtual Machine. Nothing is infected locally.

What does it do?

It signs into your MSN Messenger, changes your display name to ‘Jenni Goode’, or a different last name every time it signs in. It also puts a link to a website hottiehookup.com. It changes your display picture to a nude, and might I add, a not-too-shabby display picture. Then it spams everyone on your list with this garbage.

Image

It starts off by breaking the ice with the cheesy pick-up line you see above. It works its way up to sending you a link to click. You can see my trigger words and her responses. These seem to be consistent and are similar to an IRC bot.

Here is where it gets interesting. I log into the hotmail account, and change the password. I also change the Security Question and Answer, as well as all the other personal account information such as City, State, Zip, etc, so anyone with the current information cannot reset the password. I sign into MSN Messenger with the new account, change the info back, and sign out.While viewing from another email account that is on the contact list, several minutes later, Jenni is back. How? This is where you point your finger and say my machine is infected. It’s not. Neither was the original machine to which the person was using.

I changed the password from the original password, to ‘password123’. Note that this wasn’t the exact password I used, but it was one word plus the 123.  Jenni was back, changed it to ‘password1234’, Jenni still came back. MSN Messenger showed as having the account signed in from 2 places. (VM-PC) the Virtual Machine I was testing from, and ‘HOME-PC’, the apparent bastard centralization for Jenni.

Image

Solution:

I changed the password 4 or 5 times, one right after the other. As fast as I could. Obvious solution right?  It kept up with my password changes. Even after signing it out of MSN Messenger. Only after I changed them rapidly did it finally go away. Might I add the passwords I used were completely different with numbers and $%^&* characters.

I changed the password back to the original password I made out of curiosity.  ‘password1234’.  And 5 minutes later, Jenni pops back up on the account list.  This bot not only kept up with password changes, but remembered the previous ones and kept trying them.

I guess this brings me to my point. Microsoft has no security features to protect something like this from happening.  The bot isn’t on any of the previously used computers, as I used a VM and my friend hasn’t signed into that account in months. I’m assuming it’s on one of Microsoft’s servers. Not even the “Add Trusted PC” in Hotmail’s security feature settings blocked this. I’d like to hear other thoughts on this.


					
Advertisements

5 thoughts on “Jenni Messenger Bot

  1. Hi dude, how are you?

    Well, I’m having the same problem right now, I’m keep testing but it seens that nothing is working right. I tried everything: change my password, scan with the best antivirus that I could use here, same for antispyware and malware.

    My thoughts for now are: The System here is Windows XP and the msn version is 2010, i didn’t test on Windows 7 and late versions, so I believe that this virus got everyone that has THIS version or are using Win XP maybe.

    I will try at home on other OS, if the problem persist, maybe it IS really something going on Microsoft.

    Hope that u can reply.

    • I don’t think the virus/bot originates from your own computer. It appears to be on a server somewhere else and gets into your account by trying weak passwords. The way I fixed it, go to your hotmail password settings, change the password 4 or 5 times in a row and sign into msn messenger to boot the bot out. Make sure the passwords you are using are strong and each password completely different from the previous. I found out it bruteforces variations of your previous password, such as adding a “1” or an extra character to it. Hope this helps.

      • Ok, I changed my password and then boot on my messenger, for now, nothing happened, if the bot returns, then, it is a server problem.

        Thanks for the help!

  2. It’s really sad to see that microsoft’s security settings are still so poor. I had an ex hack my hotmail account about 10 years ago and they wouldn’t give my account back because they changed the address, phone, etc so they told me the information didn’t match. SERIOUSLY WTF!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s