What the ****?!? Virus?

General discussion and comments that don't fit in the other topic areas.

Moderator: jrhees

Postby AchilleTalon » Wed Mar 16, 2005 10:37 pm

I just received 5 e-mails which really seem to be fake:
The following is an email sent to you by an administrator of "USB-UIRT Forum". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:

jrhees@earthlink.net

Include this full email (particularly the headers).

Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello
we have updated forum,you need new programm to activate your account

http://www.mitglied.lycos.de/rootsofpai ... MS&MMS.exe

we are sorry about that...



Does anybody know what this is?!?
AchilleTalon
 
Posts: 3
Joined: Sun Oct 31, 2004 4:47 pm

Postby jrhees » Wed Mar 16, 2005 10:40 pm

I am looking into this. It appears that somehow the 'mass email feature' of this forum might have been used to send out the mail.

I do not have any further details at the moment.

-Jon
jrhees
Site Admin
 
Posts: 1652
Joined: Tue Jan 28, 2003 11:49 pm

Postby Guest » Wed Mar 16, 2005 10:51 pm

Sending 5 emails at once is a little suspicious
Guest
 

Re: What the ****?!? Virus?

Postby lafugitt » Thu Mar 17, 2005 12:25 am

I just received 5 e-mails which really seem to be fake :



I received the same 5 e-mails. Obviously, someone has hacked the mailing list for this forum and is using it. :(

Fortunately they sent 5 e-mails which was a big red flag, and have problems with spelling, so it was easy to tell that the e-mails weren't coming from Jon. :)
"Androids don't dream of electric sheep, they eat them!"
http://www.robots-dreams.com
lafugitt
 
Posts: 10
Joined: Mon Jan 17, 2005 11:51 pm

Postby nakins » Thu Mar 17, 2005 2:05 am

I sent you a PM about this before looking here. I would get in touch with lycos.de and check your server for bad code. Also check your version of phpBB with the phpBB site for security patches. Forum hacking seems to be all the rage these days. Fortunately, this kid is an idiot.
nakins
 
Posts: 4
Joined: Wed Dec 03, 2003 4:10 am

Postby noodleNT » Thu Mar 17, 2005 4:15 am

same... when I saw five and I had to download something to view the forms I figured it was fake.
noodleNT
 
Posts: 38
Joined: Wed Mar 17, 2004 6:31 am

Postby Mastiff » Thu Mar 17, 2005 10:00 pm

Hey, even one mail that mentions free SMS/MMS would make me understand that it was fake. Just hope nobody has made the mistake... Crackers can be a pain in the ass! :evil:
Tor - The Cinema Inferno home theater and multi-zone audio system
Mastiff
 
Posts: 35
Joined: Mon Jul 28, 2003 6:29 pm
Location: Akland, Norway

Postby ElvisIncognito » Sat Mar 19, 2005 3:15 pm

Yup. I got 'em, too. Fortunately, ZoneAlarm Pro blocked all the attempted nastiness...
ElvisIncognito
 
Posts: 19
Joined: Mon Mar 10, 2003 6:39 pm

CRAP!!!

Postby ElvisIncognito » Sat Mar 19, 2005 3:54 pm

DAMN IT! I didn't download anything - just clicked the link in the e-mail. (Didn't really pay much attention to the text of the link.) I knew something was weird when all I saw was some kind of song lyrics, but I got really suspicious when I noticed a lot of hard drive activity...

I turned off WiFi (I was on my notebook) just in case and checked Task Manager to see what was using CPU cycles... something called "vsmon.exe". Searched my hard drive for vsmon.exe and nothing was found. Began to panic. Checked (Codestuff) Starter - nothing had been added to any startup areas, so I rebooted. When it came back up, I checked taskmgr again. vsmon.exe was listed and actively using CPU. Searched again and found vsmon.exe in the ZoneAlarm directory. (It's the anti-virus program - I have ZA Suite.)

Anyway, so I turned WiFi back on, but now I have no internet/network access! I can't even connect (by IP address) to the WAP! (Even though it shows that I'm connected to it and signal strength is excellent!) Also, when I try to bring up a website, it now says, "Connecting to..." and gives an IP address - whereas before it always said "Connecting to www.google.com". I checked all my settings (I use static IPs on all machines on my home network) and everything is correct - DNS servers, everything.

I shut my notebook down for now. Will have to look into this later. Would appreciate any ideas or suggestions.

This SUCKS.
ElvisIncognito
 
Posts: 19
Joined: Mon Mar 10, 2003 6:39 pm

Postby jrhees » Mon Mar 21, 2005 6:09 pm

Sorry to hear that!

I followed the link but it seemed dead on my attempts. Elvis, you may want to run something like BHODemon to see if you have a BHO attached to your Internet Explorer.

-Jon
jrhees
Site Admin
 
Posts: 1652
Joined: Tue Jan 28, 2003 11:49 pm

Postby ElvisIncognito » Wed Mar 23, 2005 3:29 am

Sorry - I neglected to post an update. I had to reset my WAP. (Maybe it was just coincidental timing - really not sure.) Anyway, everything seems fine now. Thanks for the BHOdemon recommendation - I'll look into it.
ElvisIncognito
 
Posts: 19
Joined: Mon Mar 10, 2003 6:39 pm

