Jenni Messenger Bot

Jenni is some sort of messenger bot/virus/account hijacking bitch. I’ve located the bot on some other websites, it appears to do the same thing to other people. Here’s what they don’t tell you.

A friends account got hijacked by this thing recently, so I thought I would do some digging. I notified him of it, but he failed to fix it. It was signed in for a good week or so on my block list.Before you assume my computer, or his, is infected, I’m testing all of this on a Virtual Machine. Nothing is infected locally.

What does it do?

It signs into your MSN Messenger, changes your display name to ‘Jenni Goode’, or a different last name every time it signs in. It also puts a link to a website hottiehookup.com. It changes your display picture to a nude, and might I add, a not-too-shabby display picture. Then it spams everyone on your list with this garbage.

Image

It starts off by breaking the ice with the cheesy pick-up line you see above. It works its way up to sending you a link to click. You can see my trigger words and her responses. These seem to be consistent and are similar to an IRC bot.

Here is where it gets interesting. I log into the hotmail account, and change the password. I also change the Security Question and Answer, as well as all the other personal account information such as City, State, Zip, etc, so anyone with the current information cannot reset the password. I sign into MSN Messenger with the new account, change the info back, and sign out.While viewing from another email account that is on the contact list, several minutes later, Jenni is back. How? This is where you point your finger and say my machine is infected. It’s not. Neither was the original machine to which the person was using.

I changed the password from the original password, to ‘password123’. Note that this wasn’t the exact password I used, but it was one word plus the 123.  Jenni was back, changed it to ‘password1234’, Jenni still came back. MSN Messenger showed as having the account signed in from 2 places. (VM-PC) the Virtual Machine I was testing from, and ‘HOME-PC’, the apparent bastard centralization for Jenni.

Image

Solution:

I changed the password 4 or 5 times, one right after the other. As fast as I could. Obvious solution right?  It kept up with my password changes. Even after signing it out of MSN Messenger. Only after I changed them rapidly did it finally go away. Might I add the passwords I used were completely different with numbers and $%^&* characters.

I changed the password back to the original password I made out of curiosity.  ‘password1234’.  And 5 minutes later, Jenni pops back up on the account list.  This bot not only kept up with password changes, but remembered the previous ones and kept trying them.

I guess this brings me to my point. Microsoft has no security features to protect something like this from happening.  The bot isn’t on any of the previously used computers, as I used a VM and my friend hasn’t signed into that account in months. I’m assuming it’s on one of Microsoft’s servers. Not even the “Add Trusted PC” in Hotmail’s security feature settings blocked this. I’d like to hear other thoughts on this.


		
Advertisements