
What the ****?!? Virus?

PostPosted: Wed Mar 16, 2005 10:37 pm
by AchilleTalon
I just received 5 e-mails which really seem to be fake:
The following is an email sent to you by an administrator of "USB-UIRT Forum". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:

jrhees@earthlink.net

Include this full email (particularly the headers).

Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello
we have updated forum,you need new programm to activate your account

http://www.mitglied.lycos.de/rootsofpai ... MS&MMS.exe

we are sorry about that...



Does anybody know what this is?!?

PostPosted: Wed Mar 16, 2005 10:40 pm
by jrhees
I am looking into this. It appears that somehow the 'mass email feature' of this forum might have been used to send out the mail.

I do not have any further details at the moment.

-Jon

PostPosted: Wed Mar 16, 2005 10:51 pm
by Guest
Sending 5 emails at once is a little suspicious

Re: What the ****?!? Virus?

PostPosted: Thu Mar 17, 2005 12:25 am
by lafugitt
I just received 5 e-mails which really seem to be fake:



I received the same 5 e-mails. Obviously, someone has hacked the mailing list for this forum and is using it. :(

Fortunately they sent 5 e-mails, which was a big red flag, and they have problems with spelling, so it was easy to tell that the e-mails weren't coming from Jon. :)
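The red flags the thread picks out (five identical copies at once, a link to a .exe on a host that is not the forum's, and an "activate your account" lure) can be checked mechanically. The script below is an added example, not code from the forum or from phpBB; the forum host in FORUM_HOSTS is an assumption, and the sample messages are constructed to resemble the mail quoted above, with a placeholder host and path rather than the real link.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: the forum's own host(s). A board notification that sends members
# to any other host to "keep their account" is worth a second look.
FORUM_HOSTS = {"www.usb-uirt.com"}

# File types a board notification would never ask a member to download and run.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")

# Lure phrasing: the mail demands an action to keep the account working.
LURE_PHRASES = ("activate your account", "new program", "new programm")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(body):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(body)


def url_reasons(url, allowed_hosts):
    """Explain why one link looks wrong, or return [] if it looks fine."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []
    if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
        reasons.append(f"link to an executable: {url}")
    if host not in allowed_hosts:
        reasons.append(f"link host {host!r} is not a forum host")
    return reasons


def triage(messages, allowed_hosts=FORUM_HOSTS):
    """Score a batch of mails that arrived together from the board.

    messages is a list of body strings. Returns a sorted, de-duplicated list
    of human-readable reasons; an empty list means nothing stood out.
    """
    reasons = []
    # Red flag 1 in the thread: the same body arriving several times at once.
    copies = Counter(" ".join(m.split()).lower() for m in messages)
    for _body, n in copies.items():
        if n > 1:
            reasons.append(f"{n} identical copies of the same message")
    for body in messages:
        lowered = body.lower()
        for phrase in LURE_PHRASES:
            if phrase in lowered:
                reasons.append(f"lure phrase: {phrase!r}")
        for url in extract_urls(body):
            reasons.extend(url_reasons(url, allowed_hosts))
    return sorted(set(reasons))


# Constructed sample: five copies of a body modelled on the mass mail quoted
# in the thread. Host and path are placeholders, not the link from the post.
PHISH_BODY = """Hello
we have updated forum,you need new programm to activate your account

http://free-files.example.net/update/MS&MMS.exe

we are sorry about that..."""

# Constructed legitimate notification for comparison.
LEGIT_BODY = """A reply was posted to a topic you are watching:
http://www.usb-uirt.com/forum/viewtopic.php?t=12"""

PHISH_BATCH = [PHISH_BODY] * 5
LEGIT_BATCH = [LEGIT_BODY]

if __name__ == "__main__":
    for label, batch in (("phish", PHISH_BATCH), ("legit", LEGIT_BATCH)):
        print(label, triage(batch) or "nothing suspicious")
```

Run against PHISH_BATCH it reports the duplicate count, the lure phrase, the executable link and the foreign host; LEGIT_BATCH produces no findings. Each check is independent, so a single well-spelled mail pointing at one .exe still trips the executable and host checks.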

PostPosted: Thu Mar 17, 2005 2:05 am
by nakins
I sent you a PM about this before looking here. I would get in touch with lycos.de and check your server for bad code. Also check your version of phpBB with the phpBB site for security patches. Forum hacking seems to be all the rage these days. Fortunately, this kid is an idiot.

PostPosted: Thu Mar 17, 2005 4:15 am
by noodleNT
Same... when I saw five and I had to download something to view the forums, I figured it was fake.

PostPosted: Thu Mar 17, 2005 10:00 pm
by Mastiff
Hey, even one mail that mentions free SMS/MMS would make me understand that it was fake. Just hope nobody has made the mistake... Crackers can be a pain in the ass! :evil:

PostPosted: Sat Mar 19, 2005 3:15 pm
by ElvisIncognito
Yup. I got 'em, too. Fortunately, ZoneAlarm Pro blocked all the attempted nastiness...

CRAP!!!

PostPosted: Sat Mar 19, 2005 3:54 pm
by ElvisIncognito
DAMN IT! I didn't download anything - just clicked the link in the e-mail. (Didn't really pay much attention to the text of the link.) I knew something was weird when all I saw was some kind of song lyrics, but I got really suspicious when I noticed a lot of hard drive activity...

I turned off WiFi (I was on my notebook) just in case and checked Task Manager to see what was using CPU cycles... something called "vsmon.exe". Searched my hard drive for vsmon.exe and nothing was found. Began to panic. Checked (Codestuff) Starter - nothing had been added to any startup areas, so I rebooted. When it came back up, I checked taskmgr again. vsmon.exe was listed and actively using CPU. Searched again and found vsmon.exe in the ZoneAlarm directory. (It's the anti-virus program - I have ZA Suite.)

Anyway, so I turned WiFi back on, but now I have no internet/network access! I can't even connect (by IP address) to the WAP! (Even though it shows that I'm connected to it and signal strength is excellent!) Also, when I try to bring up a website, it now says, "Connecting to..." and gives an IP address - whereas before it always said "Connecting to www.google.com". I checked all my settings (I use static IPs on all machines on my home network) and everything is correct - DNS servers, everything.

I shut my notebook down for now. Will have to look into this later. Would appreciate any ideas or suggestions.

This SUCKS.

PostPosted: Mon Mar 21, 2005 6:09 pm
by jrhees
Sorry to hear that!

I followed the link but it seemed dead on my attempts. Elvis, you may want to run something like BHODemon to see if you have a BHO attached to your internet explorer.

-Jon

PostPosted: Wed Mar 23, 2005 3:29 am
by ElvisIncognito
Sorry - I neglected to post an update. I had to reset my WAP. (Maybe it was just coincidental timing - really not sure.) Anyway, everything seems fine now. Thanks for the BHOdemon recommendation - I'll look into it.