seems to be a computer virus going around (or maybe its just spam)-got it now from 3 different bwca.com members as the common thread. email just has a link no other text. i'm not man enough to open it at work and suggest others be cautious!

tg

what email provider do they use? same or different?

No problem here, Mac Ibook

rich? email me about this.

got a few from yahoo accounts and one from hotmail...4 different sources in total. i have been receiving these at my yahoo address. 3 sources i know and have exchanged personal emails with but another unknown to me.

someone pirated my yahoo address a few months ago and blasted my entire address book with spam like 4 messages back to back to back. changed my passwords and no issues since-knock on wood

just happened to me.

its a canadian company selling viagra.

its yahoo mail

seems to me like they got into this sites member list or something...

they must have. can people just get a real job?
ive never clicked the link.

I got one too. Did not click the link.

Well, I clicked the link since it was supposedly from a member here. It was one of those "Viagra" pharmacies. Computer shows no virus after this, though. TW

if you are on gmail or yahoo (apparently hotmail now too?) change your password to something hard. (strong password is 8 char containing upper case, lower case, number, and special character) and that seems to prevent this.


if it's a virus and the email is compromised, it will go out to people you know and it will show in your sent mail. Otherwise they can just spoof the sent from address, but they have to guess who to send it to (they could get that from this forum of course if you have your email address showing.)

quote tg: "seems to me like they got into this sites member list or something..."

the site has un-obfuscated email addresses right in mailto links, unfortunately, that's super easy for spammers to harvest, so that's certainly a possibility.

quote bear bait: "just happened to me.


its a canadian company selling viagra.


its yahoo mail"

I got this same link. I noticed the person from whom it was sent was a member of this site, as were a few of the people in the "sent to" list. I will also note only a few addresses stared with C and the remaining addresses started with D that it was being sent to. Just moving down the alphabet?

Funny (not really) that this post is here today. I opened my newish gmail inbox this morning to find a bunch of bounced back messages in my inbox supposedly from me. Someone has hacked my address book and sent spam to everyone in my address book.%##@!@$#%#$!

happened to me as well. What steps should a guy take? Is it over?

Happened to my hotmail also,first it came to me from me and then was sent from me to other people in my address book. It was sent to about 30 people but was rejected en route to all but 2 or 3.

Kanoes- did you send me an email? I deleted without opening based on this thread. Please let me know in this thread if you did or not. Thanks. My provider is Charter, for what it's worth.

i did NOT gutmon

hmmmm, not good

Whatever you do if you receive a suspect email even from someone you know, don't click on the link.

I am not sure what is going on, but I would recommend folks take the precaution of changing their email account password.

The attempted hacking attempts on sites like this are constant, however, over the last few weeks this activity was up.

I will continue to add more security to the site.

Yeah I just got hacked into last night. It sent everyone in my address book spam from my e-mail account. Grrrrrrr.

Yeah I changed my password and emailed everyone to not open the e-mail. Luckily I found out right when it sent out all the emails. Hopefully none of my family/friends clicked on the link.

I am not sure how I got it. I never open or click on something that I don't know what it Is.

Not a good thing, I recieved something like this from a guy I know from another web site....viagra commercials but at first glance it looks like it comes from him...URG!!

Just thought of this.


A while ago, we had a porno name thread where you put the street you grew up on and your pets name or something like that.


...many email sites those are exactly the answers to the security questions you fill out when creating your account that people can use to get access to your account without a password. If anyone googles that type of thread they probably can get access to your account.

Several months ago I started receiving emails, supposedly from a cousin, that link to the Canadian drug company. Her warning to not open it came just after I had done just that. The emails from her account, with the subject blank, have continued to come but I have not opened the subsequent ones.
I have continued to check my "Sent" folder and I do not see any suspicious emails that went out.
Please let me know if anyone has received any of this junk from my account.

I use a password that only I could know from past experiences so if someone tries to figure it out they better pack a lunch .

I got it too. Had to change my yahoo password.
Don't you just love the 'tech' generation?
Sent Viagra and 'web hosting' spam to my whole contact list.
Now I need to send apologies to all. That sucks!!!

It isn't just this site. They are harvesting contacts from many websites like facebook other message boards---etc....


T

I just had it too!

mine was with hotmail, they hit all my contacts a couple of time, i sent them a nasty email back too!!!

Bad stuff. Obviously none of this has anything to do with a Canadian drug company. Most of this comes from former Soviet Block countries or our friends in China, but they hop through different network domains to try to mask where they're really coming from.
These people are parasites, and not in the symbiotic form. Antivirus protection and more is now a "must have" versus a "should have," but still leaves openings.
The Mac is not immune, there have been more-and-more Unix-based viruses and attacks, and the Mac OS is built on a version of Unix. Just pray the Mac doesn't get as popular as Windows or they'll start nailing the Mac. They go where the picking is good.

quote tworke: "mine was with hotmail, they hit all my contacts a couple of time, i sent them a nasty email back too!!!"

You don't want to send anything back. You confirm that the address is live.

Just had my Yahoo account hacked. They sent emails to everyone in my address book on Friday night...

I got the email, too. Opened it, but didn't click the link. The thing is, it went to my "private" email address, which isn't the one I used when registering on the forums. IIRC, I never shared my private email address with anyone on the forums. Hmmm.

quote casprrr: "I got the email, too. Opened it, but didn't click the link. The thing is, it went to my "private" email address, which isn't the one I used when registering on the forums. IIRC, I never shared my private email address with anyone on the forums. Hmmm."

who did it come from? They had to have your address somehow.



this isn't the only forum that's had that type of attack, I changed my email password and got a bit more cautious about giving out my address after hearing about this type of attack hitting people on another forum I read.

who did it come from? They had to have your address somehow.

Actually, it did come from a member on another forum I use, but I don't remember sharing my private email address to anyone on that forum, either - except my Dad (not the person who I received the spam from) - but I suppose he could have shared my other email address with this person. Doesn't seem probable, but certainly is possible.

I'm a network security analyst, so I work with this all the time. It's possible that some accounts got hacked, but not necessarily so. A number of spammers use forged credentials when they send out email. They wouldn't really use their own, so they take random names out of their list and stuff those into both the TO: and From: fields. I'd guess that someone harvested names from here. Nothing you can really do about it, other than trying to avoid getting your email address harvested in the first place.

This is pretty much what I do in addition to running an up to date antivirus program.
1. Read all my mail in plain text format until I'm sure it's a legit email. I'll convert it to HTML if it has pictures or something and it's obviously written (not just sent) by someone I know.
2. Use good passwords. Special characters (like ^,:'.?&) are your friends. Never use words. Never think you're going to fool the hacker. I guarantee there's someone on this board whose password is 'Passw0rd' and another whose password is something like 'qwerty01'.
3. Keep up to date on patches. That goes for Operating System as well as Adobe, Java, Firefox, etc.
4. Browse safely. I use Firefox along with the WOT, NoScript and AdBlockPlus extensions.

Benutzer...do you think a foreign word is the same as using an English word? Just curious...

off to change my email password. Wonder how long it will take me to get used to using a new one, LOL.

Its called spoofing. An email address can be pulled from a website and then sent by a program and make it look like it comes from you.

This makes the email look official and will get more people clicking the link than if they sent an email from "whatever@makeitbigger.com". 9 out of 10 they did not "hack" your email they are just using it to trick people into visiting a site. I recieved the email as well and I seen info@bwca.com as an address that it was also sent to, I knew it was a spoof and deleted it.

Do you think the spoofing emails were pulled from someone typing their email into a post, or from some list of emails that this site has?

I hope that question makes sense. I've heard that you should type your email address in a post, if you are doing that, so that it's not complete. example at yahoo dot com instead of example@yahoo.com.

quote Savage Voyageur: "No problem here, Mac Ibook"

SV

I like Macs, and have been using them for years, but Mac users have a false sense of security. It's true, not many if any viruses out there for Macs, but what Mac users (and especially those nimrods at the Apple store) fail to realize is that viruses are not the only way to get yourself screwed on line. There's plenty of mal-ware and spy-ware that can be inadvertantly downloaded while surfing even legitimate websites. Probably good to protect yourself regardless. I run Little Snitch on mine.

Overall, no question, Macs much safer than PC's, but much of that has to do with only having a 2 to 3% market share and less to do with a lock-tight operating system (as Apple people would have you believe).

most likely they pulled it from the site itself. its done alot with publicly available email address's on websites, like the little link under your name that has an email address attached to it.

Computer hackers need to get a life... learn to fish ,get in a canoe and paddle or go explore rather than sit around the 4 walls of their parents basement and screw our computers.

Found the problem i think. If you right click the webpage and choose the "view source" it will pull the code that we can see when you look at the page. in that code if you search for "@" you will find every email address that we have linked under our names. that is probably where they pulled it from. a simple

find "@" go left to a " " and a right to a "." then take three more and you now have an email address. do until end of code and you have them all.

I got a few of those emails, but thought they were all from CCBB members. (Clicked on the first one, but i think my antivirus stuff must have caught it - or I couldn't even open it anyway)

This has me curious now - did any of you get one supposedly from my yahoo address?

I had my hotmail account hacked. I changed the password to include letters,numbers and symbols.

quote Rapid Runner: "Found the problem i think. If you right click the webpage and choose the "view source" it will pull the code that we can see when you look at the page. in that code if you search for "@" you will find every email address that we have linked under our names. that is probably where they pulled it from. a simple


find "@" go left to a " " and a right to a "." then take three more and you now have an email address. do until end of code and you have them all. "

So what they did then is they gathered the emails from the site like you say, and then they spoofed it like it was sent from someone on this site...right? (Not actually hacked into their email in this case.) ?? The email I got had the person's real name and not their user name. I'm not exactly sure who it was, first name David (but not Koda). I deleted the email and that's all I remember.

ya most of the time thats how it goes. not saying you should make a password like 12345 and let it fly. but you are understanding it.

My yahoo email sent out the emails to my address list....arghhh! Does anyone have a recommendation for free malware. Is malbytes the best out there?

quote nojobro: "Benutzer...do you think a foreign word is the same as using an English word?"

Yes, depending on the hacker. Part of my job is to crack the passwords and ensure they're good enough. It's a game here. Nobody wants to hear that I cracked their password in 23 seconds. Especially when they use the same one for their bank account.

Many password crackers use a "dictionary attack". Some people think that means Websters. But in reality, my password cracking "dictionary" contains words in many different languages, as well as words with common substitutions (p4$$w0rd,etc), most popular baby names for the past century (various countries), lists of bands, songs, movies and movie characters, lists of acronyms, common passwords, common patterns (12345678, qwerty, asdf, 1111, etc), common street names, every number from 1 to 3000, etc. From experience, I'm guessing about 80% or more of you now are thinking, "Oh crap!"

Yes, malwarebytes is pretty good. If you want to take the time to Google the results and learn what does what, HijackThis is very handy for identifying nasty stuff. CAUTION: Do NOT eliminate things unless you know what they are. You can try a log analyzer to help thin them out a bit.

You can get a free virus scan from most vendors. Trend Micro for example has one they call Housecall.

Secunia has one that checks for out of date programs and patches and is very useful.

A combination of these with the antivirus I assume everyone has, and you should be pretty squeaky clean.

quote kanoes: "they must have. can people just get a real job?
ive never clicked the link."

Unfortunately it is a real job.
I heard somewhere that the Chinese government employs millions of people to 'hack' for them.

malwarebytes is a good one to use.

for passwords try useing a sentence like:

I like to eat a sandwich while canoeing naked.

then from that make a password like this

"Il2easwcn8kd" taking the first letter from each word in the sentence and replace any word like "to" with the number 2.


good luck.

Good advice. Another trick is to do something like, use the key one up and one to the right of the real one. So "RapidRunner" becomes "%w-9r%8jj45".

One thing that is a very bad practice is the old advice of "Don't write the password down". That came from the OLD days where someone only needed one or two passwords. With the number of passwords you're expected to use these days, that advice needs to be rewritten as "Write the passwords down in a secure place". I use KeePass to save mine. That way I only need to remember one 'master' password, and I can copy and past the rest from the encrypted KeePass database.

Do NOT write the master password down on a Post-It note taped to your monitor, under your keyboard (or desk, pencil cup, etc). Put it in your wallet with the rest of your valuables.

forgive my email address....looks like the scammer hit alot of people with mine today. and thats after i changed the password at yahoo mail and here.

ono, I just got an email from bwca.com and I opened it!


;)




anyone who wants to get some really good passwords, you can use a free program called password safe to manage them. you can have a super long, incredibly complicated password, and you don't need to remember it cause the program will do it for you.

password safe

nobody will be able to hack your account then.



well, unless they know your mother's maiden name, the street you lived on as a kid, your first pet's name, or your first school. :)