Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm

Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm

  • Comments 132
  • Likes

A particularly malicious worm (a self-replicating computer virus) is currently trying to spread itself through many of the world's largest instant messaging and social networks, including Windows Live Messenger 2009. We’re very serious about protecting our customers, and are pursuing multiple avenues to help stop its progress. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process.

Normally, when Messenger sees a web address in a conversation it is turned into a hyperlink which, when clicked, automatically opens in a web browser. This feature makes it very easy for the malicious worm to be unknowingly installed on your computer by clicking on the link and being sent to a web site containing the malicious software. We’re pursuing a number of activities to help protect you, working actively with industry experts and law enforcement to help stop this criminal activity.

Most notably, we’ve temporarily turned off active hyperlinks for web addresses sent in IM conversations using Windows Live Messenger 2009. You will still be able to copy a web address and paste it into a browser window if you know it to be safe, but by removing active hyperlinks from Messenger 2009, we’re taking a significant step towards stopping the unintentional spreading of this worm.

Because we’ve now blocked active links in Messenger 2009, starting today, some customers may also see a notification in the main Messenger window warning them that some features might not be available.

Messenger warning message

Messenger 2011 is not impacted in the same way, thanks to its Link Safety feature. However, we are actively monitoring the situation and investigating different approaches to help protect customers using the latest version of Messenger, should the situation change.

As always, we encourage customers to exercise caution with links to web pages that you receive in IMs, especially if the links are to a web page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a web page with harmful conteaqnt.

If you think your computer may have already been infected by a malicious worm, check the , please visit the Security TechCenter on Microsoft TechNet, and then download and use the malicious software removal tool. For additional help with Messenger, check out the Messenger Solution Center.

John Scarrow
General Manager - Safety Services

132 Comments
You must be logged in to comment. Sign in or Join Now
  • @ Pascal

    Sorry for the late reply. I understand not everyone is going to be happy. But I wish they would give us a choice in these matters. I wouldn't mind if they sent things to my e-mail saying, "Hey we want to try this, will you test it for a week, give us a yes or no?" But I do feel like they are forcing us to 2011 version and honestly I think it is the worst update they have ever made.

    I would have been perfectly fine with the hyper links being turned off if I was informed. I thought my computer was bugged because I have accidentally clicked on a virus link and it has bugged my messenger like that before. So when hyper links were turned off I freaked out thinking I had a virus and was trying to fix my comp. Then a friend of mine sent me a link to this blog.

    I love the old messenger, wish they wouldn't change a good thing. Let us choose our updates and style but make all the versions compatible with each other. Personally, I'd go back a few messengers for sharing folders. I loved that function.

    Anyways, nice reading this. I'll probably just use that fix by the end of the month and just leave it at that.

    Oh, before I go. Does anyone know where the 2009 version stores emoticons? I would like to put the folder on a floppy so I don't lose my emotes.

  • Hemingray
    85 Posts

    Ok someone tell me why Windows Update not only turned itself to automatically install, but also re-enabled Microsoft update? Something's not right here.

  • I'm an IT professional, and have been using Windows for years. After the "incompatible driver" debacle with Microsoft finger print readers, shouldn't have to use Orca to change the product ID to get around it(only on 32bit to boot), I plan on going to OSX. I can use Office, and play games on it: thank you Blizzard and Steam(seeing more games like Half-Life 2, Left 4 Dead 2, and Civ 4 for Mac) for getting the snowball rolling.

    They may be pricier, but at least they don't have morons working for them that pull this crap all the time. I used OS X doing QA work for a software company before, and it was pretty good: built from scratch and the success was the reason Mircocrud did the same with VIsta (yet horribly failed because XP was great.)

    So congratulations Microcrud. You have successfully scared away a customer that thought he would be one for life after XP was launched. I'm not a baby, this shouldn't be a nanny state OS(get too much from the government), and I know what I am doing, and most of all I know the links that I'm clicking on(not hard to hold the mouse over to verify the web address.) Honestly, there should have been a white list in 2009 instead of just disabling it. Chances are that link to youtube.com is not malicious.

  • Hemingray
    85 Posts

    I have to suspect that if a forced update to 2011 comes along, there would be a rebuild of 2009 for XP users (think back to the big update to WLM 2008 from MSN 7.1/7.5. Windows 98/ME/2K users got a rebuilt MSN 7.1) If this happens, one could just opt to use the rebuilt 2009.

  • Hemingray
    85 Posts

    @drinky

    Huh? Which one of my posts was that in response to? o_O

  • Drinky
    2 Posts

    @Hemingray

    Then I would go about creating hyperlinks, as there is a definite urge for it

  • www.generationmediagroup.com/.../re-enable-links-in-messenger-09

    works for me YEAH!!!!!!!!!!!!!

  • just intall the Amsn...i use it on linux and i decide it to use it on windows vista...support plus...and of course LINKS!

  • Hemingray
    85 Posts

    Contact list errors are plaguing third party clients (Pidgin, etc), but I've not seen them in 2009 yet. Maybe it's only affecting 14.0.8117? I'm still on 14.0.8089.

  • Hemingray
    85 Posts

    @submerisible: Probably can ignore it, you're 100% safe from it since 2011 doesn't support XP

  • Whoops, missed a question from Hemingray.  Last week I got a pop up informing me about Messenger 2011.  Just once.  I'm on XP.

  • Messenger 2009 has been throwing frequent "contact list not available" errors at me the past few days (my wife, too).  Prepare to be dragged kicking and screaming to 2011...

  • Hemingray
    85 Posts

    this is going nowhere fast. Let's just all use the link re-enabler patch posted here and get on with life. We all know that Microsoft has screwed the pooch with this.

  • Pascal
    5 Posts

    @FreakyGamer4, Microsoft does certainly care about what people think, but with millions of users there is always a part of them who don't like what happens and that are usually the ones you see complaining on a blog like this.

    If you read the article at windowsteamblog.com/.../using-your-feedback-to-improve-windows-live.aspx you can see how the feedback is used.

  • Pascal
    5 Posts

    @pizzed, this is a blog that gives you an update on what is done, not a Technical support forum. If you want a reply to what you post you should post on the support forum at http://www.windowslivehelp.com.

    And to answer your question, you are still able to send links, only the person who receives it (if (s)he uses WLM 2009) needs to copy and paste the link instead of simply clicking it.

  • Pizzed
    1 Posts

    Irritated 4 two reasons.

    The TS hasn't replied to any of theese questions that people have posted and 2 No one informed anyone about this have been sitting here for over 2 weeks not knowing what the hell is wrong and thinking it's my PC.

    Now my question, when will we be able to send links again, and if NEVER MSN needs to make a nnew version of msn that is just like 2009 v.. I hate the new version it sucks and I am not alone to think so.

    Have been using MSN since day 1 and I think this si ridiculous not informing people and basically not giving a f***!

  • Personally I think the simplest thing to say is, Microsoft doesn't care one bit if we like 2011, they don't care about any of us loyal users who choose their messenger over all others, and they don't care to listen to us.

    I loved this messenger when I first started using it, then the updates brought cooler stuff. Suddenly the updates started taking away things, adding useless stuff, and now we get the piece of crap 2011 when you finally released something that was decent (decent being the 2009 messenger). Seems they are just going to continue going downhill.

  • Some people are not that bright and click bad links, give their WL login to bad websites and then they don't bother changing their password when they get a virus. I get that.

    However, I tried WLM 2011 for 2 months and couldn't get used to it, lots of little irritating things. I only used it that long for the Facebook chat, but it wasn't enough to keep me.

    Also, I'm happy that Microsoft feels proud of the annoying hurdle before said dumb person skips the text and gets the virus anyway, be it delayed, but jumping the 'smart screen' hurdle for every link was one of the things which sent me back to WLM 2009. Can we at least have an 'opt-out' choice in Messenger options; "Turn Active Links On / Off "?

    Or how about you put options into WLM 2011 to turn off the smart screen?

    (Other things that bugged me):

    - I also want to a choice of shortcut for emoticons; I want to be able to send '<3' without it turning into the cheesy heart.

    - I REALLY want to have handwriting back. I miss the fun times I had drawing pictures; in WLM 2011 you can't even accept other people's drawings.

    Probably because 12 year olds drew one too many indecent body parts? If WLM stops them, they'll do it somewhere else. People can still say bad things, you can never get a good enough filter for that, so will you stop people from sending all text too? Then it will just be emoticons and video calls. People do indecent things on video calls too, so are you gonna stop that service too? And then emotes can be organised to send indecent messages like <party hat> <sheep> <heart>, are you going to switch off emoticons after that? Then it's just a notifier to see if your friends are online. Display names can be indecent too, better get rid of that. - Trying to be clear here. Is it clear? Or should I point out another indecent method of communication through WLM?

    - I also noticed that WLM 2011 let you see Facebook content, but you couldn't 'Like' anything. Pretty close to useless.

    - As well as auto-sign in doesn't work if you get disconnected for too long. I think it should check for internet every 5 minutes at least.

    There were a bunch of other things I could moan about, but I'm tired of moaning. Bottom line, most prefer WLM 2009, why don't you merge it into 2011 in the form of more options so people can have what they want in both versions?

    - Thanks.

  • Hemingray
    85 Posts

    @Submersible: Are you on Windows 7 or Vista? I'm using 2009 and not getting asked to update...

  • Messenger 2009 is now giving me a screen urging me to update to 2011 upon startup.  I assume links will never be turned back on in Messenger 2009.

  • Paradox
    6 Posts

    @Pascal

    "@Paradox, I shall explain why I think the current system is better than the old one with the allow- and block list.

    In the block list, there was a limit of 1200 contacts that could be blocked. There were a lot of people who complained that they could not delete people from the blocklist because they were still in the contact list of these people, with the block list, there were a lot of people receiving spam messages from people that were not in their contactlist or their block list. These issues are now completely resolved with one change."

    Then why not increase the limit, then? Would've been a lot more convenient, instead of "appearing offline" to hundreds of bots(who can still send you messages, by the way). And why did they remove the option to talk to people in offline-mode? That was pretty good feature.

    "Of course for many people none of these were big problems, because there are many ways to prevent getting problems from this, but there is a large amount of Messenger users who have very little knowledge about safety online, and Microsoft does there best to make their service safer for everyone."

    Again. Your opinion.

    "I don't know why the handwriting was removed, I am not aware of any serious problems that there were with this feature, but I also never really understood the need for this feature. It is easy enough to share a picture, specially now with Photo IM."

    Me, and several others, had lots of fun with the handwriting feature. Removing it was a bad move on Micro$ofts part.

    "About the Display name, even if there is a need to have very complex display names, with information that fits much better in the status message, it is still possible to change this in the options window. If you click on the Edit name button on the Personal details tab (sorry if these options are called differently in the English Messenger, but it should be something like that) it will take you to your profile. If you change your name there it will also change in Messenger."

    How very convenient(sarcasm). Why not just keep the option of changing it on the spot, instead of having to log into Windows Live and change things there as well?

    "Facebook integration? If you don't want it, you don't activate it. Simple as that."

    I haven't, and that makes 2011 redundant for me.

    "The main point however of this blog post was that an extra security option has been put in place for Messenger 2009, to reduce the risk of people being infected by a virus that is spreading through Messenger. It is not a way to make people upgrade to Messenger 2011, just a security update."

    A ridiculous one at that. How exactly is this preventing anything? The same idiots, who are foolish enough to click an infected link, will just copy and paste it instead. And with an update like this, they're basically telling us we're not capable of protecting ourselves, and they have to do it for us(not that this is a problem for me anymore, I followed Wakachu's suggestion and hacked it)

    "The step to make people upgrade will come at a later stage, like always, that you cannot sign in anymore unless you upgrade to the latest version, and then probably only XP users will be able to keep using Messenger 2009 (because for them 2011 is not available)."

    Let's hope they're not that stupid. If that happens, then I will just Skype from now on.

  • Pascal
    5 Posts

    @Paradox, I shall explain why I think the current system is better than the old one with the allow- and block list.

    In the block list, there was a limit of 1200 contacts that could be blocked. There were a lot of people who complained that they could not delete people from the blocklist because they were still in the contact list of these people, with the block list, there were a lot of people receiving spam messages from people that were not in their contactlist or their block list. These issues are now completely resolved with one change.

    Of course for many people none of these were big problems, because there are many ways to prevent getting problems from this, but there is a large amount of Messenger users who have very little knowledge about safety online, and Microsoft does there best to make their service safer for everyone.

    I don't know why the handwriting was removed, I am not aware of any serious problems that there were with this feature, but I also never really understood the need for this feature. It is easy enough to share a picture, specially now with Photo IM.

    About the Display name, even if there is a need to have very complex display names, with information that fits much better in the status message, it is still possible to change this in the options window. If you click on the Edit name button on the Personal details tab (sorry if these options are called differently in the English Messenger, but it should be something like that) it will take you to your profile. If you change your name there it will also change in Messenger.

    Facebook integration? If you don't want it, you don't activate it. Simple as that.

    The main point however of this blog post was that an extra security option has been put in place for Messenger 2009, to reduce the risk of people being infected by a virus that is spreading through Messenger. It is not a way to make people upgrade to Messenger 2011, just a security update.

    The step to make people upgrade will come at a later stage, like always, that you cannot sign in anymore unless you upgrade to the latest version, and then probably only XP users will be able to keep using Messenger 2009 (because for them 2011 is not available).

  • Paradox
    6 Posts

    "A lot of people say they dislike Windows Live Messenger 2011, I'm sure for most of them that is because they have not been able to find their way around it and decided to dislike rather than get to know it better. "

    I was able to navigate the program perfectly well. Still, I have no interest in Facebook integration or any of the other features, so I decided to stick with 2009 for now.

    "Messenger 2011 is a lot easier and more user friendly than Messenger 2009."

    That's your opinion. I disagree.

    "If you don't like the new look of the main window, just click on the icon in the top right to switch to compact view and it looks like you were used to."

    What's the point upgrading, then? If I am just going to stick with my small 2009-style interface, I might as well just stick with 2009.

    "If you don't like that you cannot block contacts, you actually can, you rightclick the contact and select Appear offline to user, and if you want to permanently block a contact you simply delete the contact."

    How very convenient. I am surprised you have the audacity to call this version user friendly, with a ridiculous system like this in place. It would be a lot more simple with a block list, instead of this obscure and utterly useless feature.

    Not to mention the removal of display names and handwriting. Why the hell where these features removed anyway?

    That said. You are entitled to your opinion, and if you prefer 2011, then I say go for it. Me, and most of the others on this page, will stick with good ol' 2009 for now.

  • Pascal
    5 Posts

    @DarkOverord English is not my mother tongue, so sorry that I don't understand what you mean with bloated.

    There are actually not many features removed that were there in 2009, most things that were there in 2009 and seem to have been deleted are actually still there, but just in a different way, and these changes are all for good reason.

    You have to keep in mind for a service with over 15 million unique users worldwide it is impossible to keep everyone happy when you change the functionality of a program, and if you don't change anything people will start complaining that you do not develop anything new

  • @Pascal Stil

    We've explained why. My reasons are it's even more bloated. And it removed a lot of the features that were actually GOOD from 2009...

  • Pascal
    5 Posts

    A lot of people say they dislike Windows Live Messenger 2011, I'm sure for most of them that is because they have not been able to find their way around it and decided to dislike rather than get to know it better.

    Messenger 2011 is a lot easier and more user friendly than Messenger 2009.

    If you don't like the new look of the main window, just click on the icon in the top right to switch to compact view and it looks like you were used to.

    If you don't like that you cannot block contacts, you actually can, you rightclick the contact and select Appear offline to user, and if you want to permanently block a contact you simply delete the contact.

  • 3mendo
    4 Posts

    You know, i somehow appreciate Windows Live Team job, i mean, messenger is free (well you have to use it with windows that is not free), but you don't pay anything more for having the Live products, so i don't blame them for putting Ads or pushing new version that can or cannot (actually they are not) better than the former ones. I blame them because they pretend to act as a goog willing, close minded parent who keeps us safe from the bad things in life. I mean, they are not good at it and they don't fake it good. I blame them because they act as we are all idiots, all the users, many of them actually are dumb users, but if their policy would have been to educate and not to limitate or enclose in locked systems today they would have a better customer base.

    Microsoft is like the Church, keeps you ignorant telling it is for your own good... and demands us to believe them... even when their lies become so clear.

  • Well I mean a plug -in that Enable colored nickname !!!

  • It would be better if Microsoft would Make official  free plug-in for messenger plus that would replace the "Messenger Plus Live add-in" it will be more secure....

  • Paradox
    6 Posts

    @Wakachu

    I have already enabled the hyperlinks again using the hex editor. Still, I am curious to know whether or not John is going to actually give us an estimate here. The fact that it's been two weeks, and no further from Microsoft, isn't exactly helping their case....

  • MicroSHAFT detele my comments all you will. Your products still suck nowadays. You've made MSN about as fun as wii sports and I mean that in the worst way possible.

  • that is really not fear,,doing such thing just to make us update to 2011!!

    some people ,,me for example have Vista sp1 and that made hard to me to update to 2011

    because its just work with windows 7 or vista sp2

    so people must buy new laptops just to update the messenger !!and because the processor is not enough to hold windows 7 and vista sp2 requirements....

    "" This Called CHEATING !!""

  • Hemingray
    85 Posts

    @jbdub82: We've been doing THAT since 6.x of MSN messenger. There's many writeups on getting older versions to sign in w/o a forced upgrade.

  • wayc
    1 Posts

    Anyone else care to wager that florinr08 was John Scarrow in disguise so he could be able to downtalk us and be snarky in a way that a Microsoft employee could be fired for?  They were far too wise, and the ONLY post that was pro-Microsoft.  XD

  • jbdub82
    2 Posts

    Thank you for the link, Wakachu. It's pretty bad that we have to hack the program to fix Big Brother's stupidity rather than just enabling a setting within the program. I'll be trying this fix ASAP.

  • Wakachu
    5 Posts

    @Paradox

    It's not getting fixed.  You'll have to use this:

    www.generationmediagroup.com/.../re-enable-links-in-messenger-09

  • Paradox
    6 Posts

    It's been almost two weeks now, Microsoft. Shouldn't you at least give us an estimate on how long this will take to fix?

  • Hemingray
    85 Posts

    Also to add in, 2011 is a "Recommended" update on Windows Update, and is AUTOMATICALLY DOWNLOADED AND INSTALLED via Automatic Updates, along with every other update. Several people I know ended up getting 2011 installed without any interaction.

    Beware.

  • Hemingray
    85 Posts

    I'm gonna confirm this as a forced update to 2011. There's no more hiding it.

  • @Wakachu It worked, awesome.

    ---------------------------

    Still a big BOOO! to microsoft. Strangely since this thread started and we started complaining. Pidgin&aMSN stopped working good on my phone, it gets a lot of ssl/certificate errors. What a coincidence eh?

    I hope ms would screw up once more, huge. So we can all step over to skype. I bet Windows live 12 would suck even more, like a commercial survey before you can chat with your friends xD . That's a good idea eh? I'd say, DO it microsoft!

  • AKMark
    1 Posts

    As the support guy getting calls over this, I'm annoyed that the message indicates a connection problem.

    This is most definately not a connection problem, it is a security problem; the message should clearly state that this is a security problem that MS is trying to fix.

  • I have windows Xp and vista service pack 1

    so I cannot update to windows live 2011 ,,,,Too bad

    my xp one is an old cpu that cannot install Vista and 7

    and I thought I'am the only one having this problem

    but does that really mean that my computers are infected ??

    I really checked it up by Anit-virus many times

    but I still feel anxious worried ,,,etc :( !!!

  • ok, nice job microsoft team protecting us, keep up the good work because we keep on using windows live messenger 2009 even if we have win7, as the 2011 version is way too bad. (it sucks actually)

  • 3mendo
    4 Posts

    @Wakachu

    God bless you. Shame on Micro$oft.

    I'm spreading the link all over the web as much as I can, please everyone do the same!

  • Well thanks Wakachu. I'd rather not be forced into 2011 and it's a shame I have to edit the program myself to bypass the stupidity of disabling hotlinks. Oh well, thanks again! :D

  • Hemingray
    85 Posts

    @maccoutinho: use a-patch.

  • What? So this is all a scam to force people to update to the latest version of the client? Geez, I tried it out and downgraded it right away, there's no way I'm going to change until there's a patch to remove all of that advertising and tweak the interface.

  • Just turn the links back on... this makes no sense. The worm can spread just as easily if the user copy-pastes the address from the chat window, intelligent users won't get affected either way, are you counting on the not so smart users to be idiotic enough to not being able to even copy-paste a link from the window to the address bar on their browsers? Geez.

  • Lauda
    1 Posts

    This is not what I was hoping to see from Microsoft. It would be even better giving us a choice to chose if we want to enable or disable hotlinks instead "forcing" us to update to WLM 2011, which in my opinion sucks, UI is bad, can't change my nick, also that picture "sharing" thing or w/e it sucks. ;(

    I just hope this is not going to last for long, so I can have my hotlinks back, for now I'm gonna use that what Wakachu posted.

    Also @Wakachu, thx bro, that works.

  • Dudes, this is just sad.

    You know what your "Link Safety" in 2011 amounts to? An annoying "be careful" that's of no use to non-savvy users, and a mere annoyance to people who actually know their way around the internet. It's just demeaning and it doesn't help at all.

    I will not be upgrading to 2011, because I'm tired of being babied. I'm tired of being told that I can't trust my friends. I'm tired of being told that after seven years of using MSN Messenger (and later, Windows Live) RELIGIOUSLY that I don't know how to spot a suspicious link. I'm tired of being told I have to scan things I receive from my similarly computer-savvy friends for viruses. And I'm NOT going to take this anymore.

    I'll be using the hex editor solution someone else posted, and NOT updating. And when you eventually do force the 2011 upgrade, I will stop using Windows Live until you stop beating the poor beleaguered thing into the ground with useless features, useless "security upgrades," and pointless dumbing-down of stuff that used to actually kind of rock.

    I'm so disappointed. I've been faithful for so many years, and this is how I'm treated?

    Lamesauce.

  • Oh wow. This was funny...

    One thing that pissed me off even more, was that, even though I couldn't click on any link, in the upper part of the converation window, there woudl still appear that warning "If you click the following link....". Yeah, right...

    So, I thought about giving the 2011 version another try...so, after dealing with the fugly design, obnoxious no-nicknames, and the annoying way photosharing now works, I was still copying and pasting the links, because if i clicked on them, not only I would get the dumbscreen, a lot of the sites would think I'm hotlinking.

    Now that there is a solution, that only us 'better than average" users can do, I wonder what is going to come next...

  • Hemingray
    85 Posts

    One thing to note: Before replacing the file, rename the original just in case something goes tits up.

  • Paradox
    6 Posts

    @Wakachu

    Thanks a lot, mate. Much appreciated.

  • Wakachu
    5 Posts

    @Spaceman

    There is a download there for one that is already fixed so you don't have to do it yourself.  It's not difficult to replace one file.  If you mess it up, the worst that could happen is your messenger won't work properly.  Reinstalling it would fix it.

    But it would be nice to be able to enable links again without hex editing.

  • @Wakachu That's really nice, but i dont like to screw around in windows files. There should be a normal way to re-enable them

  • Hemingray
    85 Posts

    And that fixes that problem.  Check, and mate.

  • *gives thumbs up to wakachu*

  • Wakachu
    5 Posts
  • @ John Scarrow

    I really don't get it. To me this sounds like a cover up and that the Microsoft team does not care about what anyone is saying

    POINT1:

    You stated, this attack is worse than the others, that there is protection from it in messenger 2011 and that the impact of hits is great.

    Now, what I understand when I read this is,

    First -  You are fully aware of this attack, but DO NOT inform your users. We have to "accidently" stumble upon this blog.

    Second - That Microsoft cares not about anyone in an earlier version of messenger because if the team cared, you would have gave a small update for protection to the earlier members instead of just SILENTLY trying to upgrade us to the new messenger.

    and Third -  If the impact is so great, refer to the comments 1 and 2. Why were we not informed? Why were we not given protection? Why is this STILL the only way the team is informing us?

    POINT 2:

    You state that we are "better than average" drivers and that the hyperlinks being disabled is a nuisance.

    Now, my problem with this one is,

    I understand full well why the links were turned off. Yes it is a great annoyance because friends and I send hundreds of links a day. The problem I have with this one is I thought my messenger was broken. Thought I had a virus. I was cleaning my computer, wiping things, trying to figure out the problem. THERE WAS NOTHING INFORMING US THEY WERE TURNED OFF! That is why this is an annoyance! No one from the Microsoft team thought to send out an OFFICIAL e-mail stating, "We are very sorry for the inconvenience, but due to a massive spread of a worm through Messenger clients, we will temporarily be turning off hyper links in order to try and protect our users. For more information SEE THIS BLOG!" Hmm.... was that so hard?!?!

    POINT 3:

    You state you are trying to make better security software and that this is not to nudge us to upgrade.

    We understand that security is important, but you should secure all your products that are being used, not just one then disable features of another. If that security only works for 2011 then you guys messed up. I am sure you only added and removed features to create the new messenger and didn't scrap the code and redo the entire messenger itself. So minor tweaks should make the security work on older messengers.

    Now, the "nudging us to upgrade". Most of us are not going to believe that this is not an attempt to do so. Microsoft has already shown that you will go behind our backs and keep us ill informed. We understand we will not like all the features of the upgrades and that we will miss some of the old ones. But if you are getting people because of the layout you currently have, give us the option to keep it. I loved the sharing folders, I love the photo share, I love being able to share my background, change my background, change the color scheme of my messenger. I love that you let me put my own picture on the header of my contact list. But the new 2011 version to me seems like a downgrade. I seem to have lost many of the features I loved. It was too bulky. After I slimmed it down to look like old messenger, it was still huge. I have a decent sized computer screen, but it took up a lot of the screen.

    I just wish that we are given a choice on what is removed and added. This is my favorite messenger, I hate that I am thinking of uninstalling it due to Microsoft's lack of being loyal to it's users. But that's seems to be the way things are now.

    Everyone wants to fix what is not broken. Everyone higher up wants to "improve" other's belongings and lives through hidden means. Just how the world is now.

  • Hemingray
    85 Posts

    Did I say email links? What would you do if hyperlinks never existed in anything, if you had to copy and paste links to get around the internet rather than clicking things.

  • It's like Microsoft's products are now being developed by my mother rather than internet geeks or something.

  • Drinky
    2 Posts

    @Hemingray

    Really dude, e-mailing someone a link? What year is this, 1995?

    Microsoft keeps on worsening MSN in every possible way. WLM is just terrible, you can't even choose your own screen name. Microsoft wants to join the whole social internet thing but in this way it's just failing horribly

  • Hemingray
    85 Posts

    Hey this wasn't my idea!

  • Hey Microsoft. Well done for being jerks.

    Maybe it would have been a better idea to stop making Windows Messenger worse with every release rather than basically calling your userbase stupid and forcing those who aren't to move to other clients or put up with this annoying not-actually-helping-anyones-security pointlessness? Ohwaitbutthennoonewouldupgradetotakeadvantageofyourpointlessadditionstoamessengingclientandthenstevebalmerwouldn'tpatyouguysonthebackdevelopersdevelopersdevelopers.

  • 3mendo
    4 Posts

    I would like to add a bitter smile to this. John i'm italian.. Berlusconi is Italian prime minister... Can you even imagine how hard i'm trained in earing fishy smelling excuses every day? And how quickly i can recognize them? So please... you sound like child joke to me, this security feature is just ridicolous.. get serious.

  • Well, i am happy that somebody from microsoft has taken into consideration (i hope) our comments

    Submersible, just hit the nail on the head... And u know what? The people that would have clicked the virus link and have accepted that for some "weird" reason hyperlinking doesn't work, will copy paste the virus link too.. They will also press on the next button on the Link Safety page without even considering anything because it's just the same thing as vista had.. U had to press too many times continue to install a program, even if it was a virus, so u just started pressing that button automatically..

    This feature is just annoying. both the disabling of hyperlinking and the link safety page on wlm 11.. But if u are so sure about the success with this approach microsoft, at least give us an option for us "advanced users" to turn all that stuff off.. As "advanced users" i am sure we are ur most active customers and i am sure u don't want to lose us :)

    Also, just like Paradox, i would like to know an estimated time this will be fixed, either by giving us the option to disable all this, or enabling hyperlinking again.. It's very very annoying and i think that's very obvious in my previous comment

  • I read this blog and laughed, Honestly. These ever so important worms/virus's that Microsoft have so "kindly" made "significant" steps towards stopping have been happening for the last 7 years!

    I've been getting this messages, "hey look its a picture of me and you" Well that's a bit dumb considering I've never met this person? I'm not gunna turn around and click the bloody link!

    There is already an option to activate or deactivate this in the 2009 version, Why do you need to take our powers of having them enabled or disabled away? The 2011 version is damn well awful I wouldn't recommend anyone to use it, The only good parts is having your face book contacts and such added to your list.

    If you really think disabling hyper links is going to stop this virus from spreading your stupid, This type of virus has been around since around 2002. I've had the virus on my pc because I was young and foolish to download it, Even then I managed to remove the virus on my own within 30 seconds of a friend telling me. Anyone that is stupid enough to download the file in the first place which includes me when I was younger, Is too internet-newb to be using the internet.

    Removing hyperlinks won't work it will just make the rest of us annoyed and flame you guys, And too all the guy posting. "just use 2011". Why? Do we tell you what brand of milk to drink? No.

    End of my rant.

  • When I read this article I typed several angry rants but finally edited them so much I calmed down and realized that'd just get my post deleted or something. Give us the option to decide if we trust links, refusing to do that would only assure me that this is a scheme to force people into upgrading. I know everyone on my msn and they'd never send me a virus, I'd imagine most cases more or less the same. So if someone made enemies or accepts every invite they get that's their problem and isn't a reflection on Messenger, I don't know why this would even be considered.

  • Snake
    1 Posts

    I just wanted to add my two cents over this whole thing.

    While I don't think they are forcing us to upgrade or anything underhanded like that, I do believe that its a case of overreaction; maybe you should think about having an option, and if users go into options and choose to enable hot links, then having an automated warning pop up about the virus...

    That would be not as intrusive whilst still protecting your customers?

    As for WLM 2011, some of the features are good, its prettier for one. And to all people who are raging about the interface, there is a little button you can press to bring up a traditional messenger view.

    And the video call update applies to 2009 as well as 2011.

    However saying this I don't use 2011, because I can't change my screen name, which is kinda a clincher.

  • I still use MSN Messenger 6 and you know what? It works.

    No annoying security features, no advert spam, no in your face attempts to turn the client into a social network. Oh yeah, I almost forgot; I can click links.

    It's mighty good to live in the past.

  • merQree
    11 Posts

    What i don't understand is, why Microsoft urged to take actions about something in which is not their concern at all. Since you are the providers for a world known IM, in your rules and agreement, there should be (i haven't checked) a rule saying that anything non related to the client of your IM has nothing to do with the product and the team offering the product.

    In other words, what a user does with his IM is his own responsibility. And since they want to click on a link being a virus or not, it has nothing to do with your terms and agreement.

    But, that's not the strange part. The strange part is, that you indulged such actions days after 2011 version was released. I may sound paranoid about that matter but i believe it's a concrete lie. Why? Simply because you guys never done that before and because WE, the users never chose to ignore one of your updates until 2011 came out. Some will say that there's no way this is a coincidence and  i will totally agree with them.

    So why is it that all these years that this virus is out there, you NOW decided to call this shot without giving any options to the users who don't want this option and certainly don't want to install your latest product, in which you put a lot of effort and advertised a lot?

    I don't know if this means anything or not but this is from Microsoft Service Agreement:

    "Your dealings with others. Microsoft may offer goods and services from third parties through the service. If so, for those goods and services your relationship is with the third party only and not with us. You're solely responsible for your dealings with any third party."

  • Paradox
    6 Posts

    @John

    Do you guys have an estimate on how long this will take? Will we have the active links back by the end of the week?

    In the meantime, it would be much appreciated if you gave us the option to turn active links on/off ourselves. I accept the risk I am taking by allowing them, and I will not hold you responsible for any damage that might come to my computer as a result. However, I believe my computer's protection is sufficient to deal with this threat, and I am not too worried about being infected with or without active links enabled.

  • Also!

    If you don't want the possibility of viruses on your computer...

    You probably shouldn't be on the internet.

  • That's the funny thing. If you copy and paste, it will STILL infect your computer.

    This isn't doing anything but forcing the people that aren't intelligent enough to realize that "Oh, hey, this.. probably isn't a link I should be clicking!" to just copy and paste that EXACT SAME LINK into their web browser.

    The fact is, if you don't want the possibility of viruses, download 543275894276 different anti-everything onto your computer and never click links.

    Don't punish the intelligent for mistakes that other people make.

    It's quite -obvious- that it's a malicious link. I've gotten hundreds of them. And you know what I do? I e-mail the person and let them know. And you know what they do?

    They get rid of the virus. Because they're smart.

  • I'd also be curious if the worm will infect you if you cut and paste the link to a browser.  

    If so, the MS is telling us that cutting and pasting links is not inconvenient while at the same time relying on the inconvenience of cutting and pasting links to stop the worm.

  • Hemingray
    85 Posts

    looks like an old-crap variant of SDBot to me. Who knew that script kiddies still used IRC botnets to this day? Sorry John, I was on yall's side with this till I finally looked into it myself. Although it is protecting the more gullible morons out there from themselves. I'll stay okay with this either way as long as yall don't force 2011 on us.

  • jbdub82
    2 Posts

    So the worm cannot install if you copy and paste the link into your browser?

    If copying and pasting the worm's link (rather than clicking it) doesn't somehow prevent infection, this extremely annoying security measure is almost entirely useless. So thanks for screwing up Messenger!

  • merQree
    11 Posts

    @anesthetic.euthanasia i don't know who you are dude but damn that was poetry

  • This is a bit of a concern to me. I've used MSN ever since I could remember.

    I downloaded the Windows Live Essentials 2011.

    It stripped away my ability to personalize my name.

    It took away my ability to just talk to my friends without having to dig through mounds and mounds of stupid updates that I don't care about!

    I have 2009 and have the ads down at the bottom disabled, because that's not what I want to see when I log on to talk to my friends across the world or my boyfriend across the States.

    You say this isn't a "nudge" towards 2011, but your actions speak louder than your text. I've read through all of the comments on this page. It looks as if you, at MSN, made a mistake on this 2011 update.

    What you're basically going to do is pull your services on 2009 and force an update. You'll lose far more users than any other update. This is ridiculous!

    It took me three days worth of digging to find this.

    You say that the "worm" is out of control.

    Maybe if half the users weren't STUPID enough to click the link without asking questions, the rest of us INTELLIGENT users wouldn't be suffering with trying to figure out what the next best IM client is.

    Yeah, copy and pasting a link isn't that big of a deal, but it's inconvenient. It's inconvenient and it's really annoying. Especially with the links that are longer than a couple characters. There's a silly little thing called "Security options" on my MSN. If I didn't want links to show up, then gosh dammit, I would go into those options and uncheck the bloody box!

    I'd consider fixing this as soon as you can. You'll start losing more than just users. Eventually, until you get this fixed, you'll start losing your sponsors, and then you'll start losing money. And we all know you wouldn't want to lose MONEY.

  • merQree
    11 Posts

    Worm:Win32/Slenfbot.AD

    Encyclopedia entry

    Updated: Jan 03, 2008  |  Published: Jan 03, 2008

    So you want to tell me that this "virus" is been out there for 2 years and NOW you decided to do something about it, and ONLY in the older versions of the messenger cause the new one is more secure?

    I can get the new messenger and STILL get to send viruses if i want to (which i don't). What you just told us makes absolutely no sense at all.

    You had the power to make an action against our will but you have NO power at all when it comes to undoing it? What i mean is, you claim that the new messenger is more secure (you might not mentioned it but this is what your actions say the least) yet you fail to provide the same option for the older versions, giving the opportunity to EVERY single user of older versions to chose on their own. Don't tell me that you could do a silent update or a manual shutting off of the links but you cannot send an update for older versions that contain the same "safety source" for the new version. That would be at least insulting to all of our IQ's in here.

    As for who's advanced or not, people tend to learn you know. Clearly most of us already know that.

    You found a "virus" spreading 2 years ago and today, while you launched a new version of the messenger, you fail to provide your services to a committed crowd of people to the messenger. Of course that smells fishy and of course we should be getting paranoid over the idea that you are trying to force us to upgrade into the 2011 version.

    If you just turn on the links again and just share your source of 2011 which YOU claim to be secure, as an update for the older versions, this crowd will gain your respect and understand better than what you did right now.

  • @John Scarrow Your 3rd point implies that other than turning off links, you seem to have no particular plans to even KEEP 2009 supported in the first place. Which sucks for those who can't get the latest version due to being on XP due to say, not being able to afford Windows 7. At least release a security update for those guys =/ It's not hard, you guys clearly have the power to silently update MSN without our will, why not do a security update? Perhaps even as I said, just giving links an extra online step before opening the link saying the risk this link may pose, heck, team up with someone like AVG or Zone Labs, they rate links afterall. It's not hard.

  • I like msn 9 because of the nice design that fits perfectly to my windows 7 and the interface is the same like all of the previous msn's had.

    If nothing will happen in the coming 2 week, I'll just download aMSN and add the msn 9 theme or something

    I don't care about new features if its faster, more stable or more handy. Msn 9 got a great design and layout and that's all what I care about.

    If WLM11 will allow me strip down all the ads and the side box and crap, so i can see my contacts just like on WLM9, I'll definitely download it.

  • Years and freaking years I used messenger 6 to 9 msn and they all had the same lay out. EVEN the versions before these ones. So why change it so bad?

    Now msn got 70% filled with this social area. I dont need that, i just want to chat!You see just a very small box with 200 of my contacts. Befoure I could see all all people who are online and now i see just 10-20 people and then i already have to scroll. People jump on and off, I can't find people I want to chat with!  I tried everything to click the social are thing away, to make the box with my contacts bigger and nothing worked.

    MSN is about contacts and not facebook. If i want to see what my friends are doing I'll go to their web-page/profile to check it.

  • Thanks for the comments on the post.   I’m hearing 3 general concerns here that I’d like to address.

    1) It’s true that similar attacks have been out there for some time, and we’ve been monitoring them, which is why we introduced the new Link Safety Feature in Windows Live Messenger 2011. However the difference with this particular variant of SLENfBot.AKD, (which is actually hitting several industry IM clients, and not just Windows Live Messenger), is that it is off the charts in terms of scale.  We have work going on now to illuminate this particular threat so we can restore hotlinks, but the volume of attacks was too significant to let continue without any remediation.  The number of customers that have been impacted on a daily basis is very significant, and every impacted customer leads to many more customers being hit with spam, and chances are, some percentage of those receiving the spam will click the link and expand the attack further.  

    2) Folks that spend time on this blog are clearly “better than average drivers” and in some cases feel that removing the hot links is more undesirable that the perceived protection of disabling them.  Again, we hope this is a short term issue for older versions of Messenger. We’ve heard your feedback loud and clear on the ability to turn off warnings, and are investigating ways to make this possible in the future.

    3) Because we work hard to make our software more and more secure with every release, from a security standpoint we always hope that users will follow us as we release new versions of our software. However, I want to make it very clear that this security response is absolutely not an attempt to nudge folks to upgrade.  We understand and respect that with any change to such an ubiquitous IM client as Messenger there will always be changes that some folks don’t like and/or may not be able to take advantage of due to OS versions, etc.  We’ll continue to innovate both in features and security and look forward to broader adoption over time, as you see fit.

  • merQree
    11 Posts

    I confirm with Tempest8008 . The only reference for this so called "virus" leads me here. I send a message to the staff here to give us at least a reply so we will know what to do. Personally i have more than 1200 people in my address book and only 2 of them are ok with how things are. I told the rest to move into Skype in case they don't fix this issue. They show full support. I strongly advice any of you to do the same thing.

    This team is trying to mock us in front of our eyes. Don't be a tool.

  • I have been doing some investigation and I cannot find a reference to this "new and malicious worm" on ANY of the dedicated Antivirus provider sites.

    MS, are you BS'ing us?

    Because if this IS a thinly veiled attempt to get us to upgrade, just tell us you're yanking support of 2009 instead of lying to us.

  • A malicious worm spreading links? I've been getting those for years, but hyperlinking was never disabled.. Now that the new messenger is out we get this stuff? If u were serious about protecting ur customers u would have done something about it 2 years ago when i started getting those links.

    I am on windows 7, because i believe it's a good product, i made that change so i am definitely not afraid of change.. And even after hearing all the stuff about wlm 2011 i still gave it a shot.. Guess what, the smartscreen thing is way too annoying and i had issues with not getting IM's from people besides the horrible interface and some very vague options that made my contacts who converted to wlm 11 confused.. I thought not being able to receive im's from some people sometimes was something not really related to wlm 11 so i kept it..I had to use my old pc with win xp for a week after some time and guess what, i had no single issue.. As soon as i got back to my normal pc i unistalled wlm 11 and put the old one back on and everything was fixed.. I really didn't have to give any explanation why i want to keep wlm 9(personal preference) but i did for those of u who ask why not just put the new msn on ( mainly @danielgr)..

    I have been an avid wlm user since 2004 but after these issues i am definitely considering switching clients and making pidgin/skype my default im client because i feel microsoft is trying to make us move to the new wlm in very sneaky ways.. If i don't get an option to at least, switch hyperlinking on, in one week i am moving to pidgin/skype for good and telling my contacts who are annoyed by all this to switch too.. I really hope more people will follow because i guess comments aren't really listened to

  • @florinr08 Well for one I like having a display name instead of being forced to use a first and last name. Everything, and yes, I genuinely mean this, that has been added to WLM in the 2011, I won't even use. I refuse to use a bloated program with ad's everywhere. And I even stated why I still use 2009, and it's purely because no other IM Client (Such as Trillian or Pidgin) hasn't got comparability with WLGroups.

    It's not that I "fear" change. It's that I don't like the changes. If I didn't like change I'd have never have started using Windows 7.

  • Hemingray
    85 Posts

    @danielgr:

    I use Windows 7, and I still use 2009. I refuse to even touch 2011, it's overloaded with useless crap.

  • This is absolute BS! It's been days now! Please re-enable the links. I have AVG as a security program and if I clicked a malicious link it wouldn't even open. I will get an error page saying the link lead to a page that was a security risk. And if I do get infected? Well, I can just remove it can't I?

    danielgr said "Certainly Microsoft has pulled out a nice trick with this one, because the new Live is converting more people than ever around me into Win7... "

    Even if I /could/ afford the $400 to buy Windows 7, which I can't, I still wouldn't update to WLM 2011. It's a piece of garbage and I hate every feature about it. Not to mention, it seems completely filled with bugs. The Windows Live forums are inundated with people having problems with 2011 and no way of fixing it.

    Please just re-enable links for 2009.

  • 3mendo
    4 Posts

    You know what really makes me upset? Windows team really thinks i'm a poor idiot. Give me options, give me the option to enable or disable links, inform me, not just shut down a feature without telling it to me. It was silent and at this time i think "how many silent updates do you make during the year?". I know you want us to 2011WLM to spam us with ads, so please be honest. For my safety? Come on!

  • why cant i see my posts?

  • merQree
    11 Posts

    @florinr08 Who said we are afraid of change? So we used MSN all these years and kept updating so NOW we're afraid of change? No. On the contrary, i liked the previous versions of MSN. But 2011 suck and sooner or later people (like you) should stop sucking up and tell this team the truth.

    And my CLIENTS also use 2009 cause they also believe that 2011 sucks. And they complain about that "security" measure that they decided to force upon us. I told everyone i know to come protest in this link and guess what happened. Nobody did cause they can't click it. Just like i said, they are bored to copy/paste and say their opinions.

    As for changing an IM, don't worry. We got that covered already. We searched for IM's and if this continues to go on, we already decided on what we will do, cause apparently there are other companies out there who really respect us as human beings and ask us for updates.

    You may like what the new version looks like but we don't. And yes, this is somehow forcing us to change something we don't want to change just because they realized it won't sell.

  • I totally agree with @merQree & Spaceman.

    I dont want to upgrade to 2011 becouse of the for example Video chatting is to b*d, you blocked a great feature that makes you get less live messenger -users and that is bad.

    In 2011 version you can only do Video-calls, that means no single webcam-feature (with good quality).

    MAKE A OPTION TO SHOW LINKS OR NOT IN 2009 VERSION.

    I am so close to change to something else than msn right now.

    You are doing a sh*ty job right now i am just honest as a long-time msn/live messenger user!

  • florin I hope microsoft paid you well, besides the mass amounts of ad's on the 2011 version such as the PM windows as well as the instant messenger itself it's the bloated garbage we don't  want and if there is some that do want.. then give us the option to remove it, in example facebook etc or not put it on display, just like how real names were on display which was  something I saw when I tried it. Saying ageing old software like it's inferior when infact they are not updating for the sake of the users they are updating for the sake of making more money off ad's or partnered companys which all the more power to them I guess but having silent updates like this are pathetic, it almost makes me question the security instead of praise it.

    I have switched clients and will continue to until Windows Live fixes this problem. If you do infact work for Microsoft or Windows Live I doubt they would like anyone representing them saying "We don't want your services here" when there has been plenty of complaints about this problem and I believe they do want as many people using it so they can view the things they are advertising whether it be a past version or not and if you don't work for them and are currently using the 2011 version then you don't belong in this discussion.

    All i've heard people truly angry with is the fact they can't use links which is not hard to give us the option to turn links on or off even tho there is an option already .. which is useless now that they did this.. and then us not being notified about a useful update or not so useful in this case to some.

    Why not just remove the past version completely like they've done before if they are going to do things like this?

  • BasDrag
    1 Posts

    Luckily I have 2011, and I love it! But I'm still waiting for a connection with Twitter...

  • I think you should all calm down and accept that this was done for your own good. Even if this really was a silent update, I don't think many of you would have installed the update anytime soon if it were just sitting there waiting patiently for you to perform the update.

    merQree, even if you can click on links and send them, your "clients" won't necessarily be able to do so if they're still on 2009.

    And for those of you who like to stick with the ageing and old versions of software just because you don't like change, there's nothing stopping you from staying on 2009; you're not being "forced" to switch. (There is an option in 2011, by the way, where you can switch to compact view, which basically gives you the view you're familiar with in previous versions.) The safety links feature for 2011 wasn't made available for 2009, because, I'm guessing it's one of the signature features of 2011...?

    Stop whining! And if you're threatening to switch to a different client, switch already! We don't want any of your services here.

    Thank you.

  • danielgr
    73 Posts

    Woaw...  I may have missed something but why so much negativity around WLM2011 ?

    I've been using messenger since the very first version and the 2011 might be the best ever update to me. Now every time I come up to a WinXP running Messenger 2009 I simply can't stand it ... Certainly Microsoft has pulled out a nice trick with this one, because the new Live is converting more people than ever around me into Win7... What their all new and fancy OS didn't do their free apps suit is finally doing it ...

    Have you guys really tried it for a few days?

    What is so great about the old version that the new one doesn't better?

    I'm just curious...

  • At least, you could place some kind of alert, just like Digsby does, when they make some major change. WLM 2011 is not going to make me downgrade to windows 7, nor IE9.

    I guess I'll completely switch to Digsby, luckily enough, you just do the hyperlink block on the client, and Digsby can still open the links.

  • I am not happy about this at all. When I already have to suffer a bloated program, which lags and sometimes decides to take 50% of the CPU, I don't need more reasons to uninstall all of Windows Live off my PC. I am aware there's WLM2011, but I refuse to use that awful program. It stripped features I enjoyed about MSN when build 2009 came along, and added things I would never use. honestly, if you can easily turn off links in 2009, what's to stop you adding an extra web step and offer a security rating about a link? And why now? This issue with worms abusing links in WLM has been around for at LEAST a year, maybe even two years. This seems suspicious to me, almost as if you've only took action now to "encourage" people to upgrade to a version that is 'safer' and has the ability to handle URL's now.

    If you were really trying to sort this issue out, you would have done so when the issue became a major problem and prevent it. Honestly, if 3rd party programs could support WLGroups. I'd have unistalled Windows Live, all of it, a while ago.