|
Author
Text
05/07/2010 11:14PM
seems to be a computer virus going around (or maybe its just spam)-got it now from 3 different bwca.com members as the common thread. email just has a link no other text. i'm not man enough to open it at work and suggest others be cautious!
tg
tg
and into the forest I go to lose my mind and find my soul
05/07/2010 11:43PM
got a few from yahoo accounts and one from hotmail...4 different sources in total. i have been receiving these at my yahoo address. 3 sources i know and have exchanged personal emails with but another unknown to me.
someone pirated my yahoo address a few months ago and blasted my entire address book with spam like 4 messages back to back to back. changed my passwords and no issues since-knock on wood
someone pirated my yahoo address a few months ago and blasted my entire address book with spam like 4 messages back to back to back. changed my passwords and no issues since-knock on wood
and into the forest I go to lose my mind and find my soul
05/08/2010 01:23AM
Well, I clicked the link since it was supposedly from a member here. It was one of those "Viagra" pharmacies. Computer shows no virus after this, though. TW
"Let us live so that when we come to die even the undertaker will be sorry." Mark Twain
05/08/2010 02:52AM
if you are on gmail or yahoo (apparently hotmail now too?) change your password to something hard. (strong password is 8 char containing upper case, lower case, number, and special character) and that seems to prevent this.
if it's a virus and the email is compromised, it will go out to people you know and it will show in your sent mail. Otherwise they can just spoof the sent from address, but they have to guess who to send it to (they could get that from this forum of course if you have your email address showing.)
if it's a virus and the email is compromised, it will go out to people you know and it will show in your sent mail. Otherwise they can just spoof the sent from address, but they have to guess who to send it to (they could get that from this forum of course if you have your email address showing.)
05/08/2010 02:56AM
quote tg: "seems to me like they got into this sites member list or something..."
the site has un-obfuscated email addresses right in mailto links, unfortunately, that's super easy for spammers to harvest, so that's certainly a possibility.
05/08/2010 06:18AM
quote bear bait: "just happened to me.
its a canadian company selling viagra.
its yahoo mail"
I got this same link. I noticed the person from whom it was sent was a member of this site, as were a few of the people in the "sent to" list. I will also note only a few addresses stared with C and the remaining addresses started with D that it was being sent to. Just moving down the alphabet?
05/08/2010 06:23AM
Funny (not really) that this post is here today. I opened my newish gmail inbox this morning to find a bunch of bounced back messages in my inbox supposedly from me. Someone has hacked my address book and sent spam to everyone in my address book.%##@!@$#%#$!
05/08/2010 09:54AM
Whatever you do if you receive a suspect email even from someone you know, don't click on the link.
I am not sure what is going on, but I would recommend folks take the precaution of changing their email account password.
The attempted hacking attempts on sites like this are constant, however, over the last few weeks this activity was up.
I will continue to add more security to the site.
I am not sure what is going on, but I would recommend folks take the precaution of changing their email account password.
The attempted hacking attempts on sites like this are constant, however, over the last few weeks this activity was up.
I will continue to add more security to the site.
05/08/2010 10:05AM
Yeah I changed my password and emailed everyone to not open the e-mail. Luckily I found out right when it sent out all the emails. Hopefully none of my family/friends clicked on the link.
I am not sure how I got it. I never open or click on something that I don't know what it Is.
I am not sure how I got it. I never open or click on something that I don't know what it Is.
05/08/2010 11:35AM
Just thought of this.
A while ago, we had a porno name thread where you put the street you grew up on and your pets name or something like that.
...many email sites those are exactly the answers to the security questions you fill out when creating your account that people can use to get access to your account without a password. If anyone googles that type of thread they probably can get access to your account.
A while ago, we had a porno name thread where you put the street you grew up on and your pets name or something like that.
...many email sites those are exactly the answers to the security questions you fill out when creating your account that people can use to get access to your account without a password. If anyone googles that type of thread they probably can get access to your account.
05/08/2010 02:49PM
Several months ago I started receiving emails, supposedly from a cousin, that link to the Canadian drug company. Her warning to not open it came just after I had done just that. The emails from her account, with the subject blank, have continued to come but I have not opened the subsequent ones.
I have continued to check my "Sent" folder and I do not see any suspicious emails that went out.
Please let me know if anyone has received any of this junk from my account.
I have continued to check my "Sent" folder and I do not see any suspicious emails that went out.
Please let me know if anyone has received any of this junk from my account.
The business of life is the acquisition of memories. In the end that's all there is. ___Mr Carson (Downton Abby)
05/09/2010 12:04AM
Bad stuff. Obviously none of this has anything to do with a Canadian drug company. Most of this comes from former Soviet Block countries or our friends in China, but they hop through different network domains to try to mask where they're really coming from.
These people are parasites, and not in the symbiotic form. Antivirus protection and more is now a "must have" versus a "should have," but still leaves openings.
The Mac is not immune, there have been more-and-more Unix-based viruses and attacks, and the Mac OS is built on a version of Unix. Just pray the Mac doesn't get as popular as Windows or they'll start nailing the Mac. They go where the picking is good.
These people are parasites, and not in the symbiotic form. Antivirus protection and more is now a "must have" versus a "should have," but still leaves openings.
The Mac is not immune, there have been more-and-more Unix-based viruses and attacks, and the Mac OS is built on a version of Unix. Just pray the Mac doesn't get as popular as Windows or they'll start nailing the Mac. They go where the picking is good.
"You guys might not know this, but I consider myself a bit of a loner. I tend to think of myself as a one-man wolf pack." - Alan Garner, The Hangover.
05/09/2010 03:23PM
I got the email, too. Opened it, but didn't click the link. The thing is, it went to my "private" email address, which isn't the one I used when registering on the forums. IIRC, I never shared my private email address with anyone on the forums. Hmmm.
05/09/2010 05:30PM
quote casprrr: "I got the email, too. Opened it, but didn't click the link. The thing is, it went to my "private" email address, which isn't the one I used when registering on the forums. IIRC, I never shared my private email address with anyone on the forums. Hmmm."
who did it come from? They had to have your address somehow.
this isn't the only forum that's had that type of attack, I changed my email password and got a bit more cautious about giving out my address after hearing about this type of attack hitting people on another forum I read.
05/09/2010 07:32PM
who did it come from? They had to have your address somehow.
Actually, it did come from a member on another forum I use, but I don't remember sharing my private email address to anyone on that forum, either - except my Dad (not the person who I received the spam from) - but I suppose he could have shared my other email address with this person. Doesn't seem probable, but certainly is possible.
05/10/2010 08:01AM
I'm a network security analyst, so I work with this all the time. It's possible that some accounts got hacked, but not necessarily so. A number of spammers use forged credentials when they send out email. They wouldn't really use their own, so they take random names out of their list and stuff those into both the TO: and From: fields. I'd guess that someone harvested names from here. Nothing you can really do about it, other than trying to avoid getting your email address harvested in the first place.
This is pretty much what I do in addition to running an up to date antivirus program.
1. Read all my mail in plain text format until I'm sure it's a legit email. I'll convert it to HTML if it has pictures or something and it's obviously written (not just sent) by someone I know.
2. Use good passwords. Special characters (like ^,:'.?&) are your friends. Never use words. Never think you're going to fool the hacker. I guarantee there's someone on this board whose password is 'Passw0rd' and another whose password is something like 'qwerty01'.
3. Keep up to date on patches. That goes for Operating System as well as Adobe, Java, Firefox, etc.
4. Browse safely. I use Firefox along with the WOT, NoScript and AdBlockPlus extensions.
This is pretty much what I do in addition to running an up to date antivirus program.
1. Read all my mail in plain text format until I'm sure it's a legit email. I'll convert it to HTML if it has pictures or something and it's obviously written (not just sent) by someone I know.
2. Use good passwords. Special characters (like ^,:'.?&) are your friends. Never use words. Never think you're going to fool the hacker. I guarantee there's someone on this board whose password is 'Passw0rd' and another whose password is something like 'qwerty01'.
3. Keep up to date on patches. That goes for Operating System as well as Adobe, Java, Firefox, etc.
4. Browse safely. I use Firefox along with the WOT, NoScript and AdBlockPlus extensions.
05/10/2010 08:42AM
Its called spoofing. An email address can be pulled from a website and then sent by a program and make it look like it comes from you.
This makes the email look official and will get more people clicking the link than if they sent an email from "whatever@makeitbigger.com". 9 out of 10 they did not "hack" your email they are just using it to trick people into visiting a site. I recieved the email as well and I seen info@bwca.com as an address that it was also sent to, I knew it was a spoof and deleted it.
This makes the email look official and will get more people clicking the link than if they sent an email from "whatever@makeitbigger.com". 9 out of 10 they did not "hack" your email they are just using it to trick people into visiting a site. I recieved the email as well and I seen info@bwca.com as an address that it was also sent to, I knew it was a spoof and deleted it.
05/10/2010 08:56AM
Do you think the spoofing emails were pulled from someone typing their email into a post, or from some list of emails that this site has?
I hope that question makes sense. I've heard that you should type your email address in a post, if you are doing that, so that it's not complete. example at yahoo dot com instead of example@yahoo.com.
I hope that question makes sense. I've heard that you should type your email address in a post, if you are doing that, so that it's not complete. example at yahoo dot com instead of example@yahoo.com.
05/10/2010 08:57AM
quote Savage Voyageur: "No problem here, Mac Ibook"
SV
I like Macs, and have been using them for years, but Mac users have a false sense of security. It's true, not many if any viruses out there for Macs, but what Mac users (and especially those nimrods at the Apple store) fail to realize is that viruses are not the only way to get yourself screwed on line. There's plenty of mal-ware and spy-ware that can be inadvertantly downloaded while surfing even legitimate websites. Probably good to protect yourself regardless. I run Little Snitch on mine.
Overall, no question, Macs much safer than PC's, but much of that has to do with only having a 2 to 3% market share and less to do with a lock-tight operating system (as Apple people would have you believe).
05/10/2010 09:05AM
Found the problem i think. If you right click the webpage and choose the "view source" it will pull the code that we can see when you look at the page. in that code if you search for "@" you will find every email address that we have linked under our names. that is probably where they pulled it from. a simple
find "@" go left to a " " and a right to a "." then take three more and you now have an email address. do until end of code and you have them all.
find "@" go left to a " " and a right to a "." then take three more and you now have an email address. do until end of code and you have them all.
05/10/2010 09:20AM
I got a few of those emails, but thought they were all from CCBB members. (Clicked on the first one, but i think my antivirus stuff must have caught it - or I couldn't even open it anyway)
This has me curious now - did any of you get one supposedly from my yahoo address?
This has me curious now - did any of you get one supposedly from my yahoo address?
"Enjoy every sandwich"
05/10/2010 09:39AM
quote Rapid Runner: "Found the problem i think. If you right click the webpage and choose the "view source" it will pull the code that we can see when you look at the page. in that code if you search for "@" you will find every email address that we have linked under our names. that is probably where they pulled it from. a simple
find "@" go left to a " " and a right to a "." then take three more and you now have an email address. do until end of code and you have them all. "
So what they did then is they gathered the emails from the site like you say, and then they spoofed it like it was sent from someone on this site...right? (Not actually hacked into their email in this case.) ?? The email I got had the person's real name and not their user name. I'm not exactly sure who it was, first name David (but not Koda). I deleted the email and that's all I remember.
05/10/2010 10:11AM
quote nojobro: "Benutzer...do you think a foreign word is the same as using an English word?"
Yes, depending on the hacker. Part of my job is to crack the passwords and ensure they're good enough. It's a game here. Nobody wants to hear that I cracked their password in 23 seconds. Especially when they use the same one for their bank account.
Many password crackers use a "dictionary attack". Some people think that means Websters. But in reality, my password cracking "dictionary" contains words in many different languages, as well as words with common substitutions (p4$$w0rd,etc), most popular baby names for the past century (various countries), lists of bands, songs, movies and movie characters, lists of acronyms, common passwords, common patterns (12345678, qwerty, asdf, 1111, etc), common street names, every number from 1 to 3000, etc. From experience, I'm guessing about 80% or more of you now are thinking, "Oh crap!"
05/10/2010 10:35AM
Yes, malwarebytes is pretty good. If you want to take the time to Google the results and learn what does what, HijackThis is very handy for identifying nasty stuff. CAUTION: Do NOT eliminate things unless you know what they are. You can try a log analyzer to help thin them out a bit.
You can get a free virus scan from most vendors. Trend Micro for example has one they call Housecall.
Secunia has one that checks for out of date programs and patches and is very useful.
A combination of these with the antivirus I assume everyone has, and you should be pretty squeaky clean.
You can get a free virus scan from most vendors. Trend Micro for example has one they call Housecall.
Secunia has one that checks for out of date programs and patches and is very useful.
A combination of these with the antivirus I assume everyone has, and you should be pretty squeaky clean.
05/10/2010 11:02AM
quote kanoes: "they must have. can people just get a real job?
ive never clicked the link."
Unfortunately it is a real job.
I heard somewhere that the Chinese government employs millions of people to 'hack' for them.
"Miller owns that field, Locke that, and the Mannings the woodland beyond. But none of them owns the landscape." - R.W.Emmerson.
05/10/2010 11:35AM
malwarebytes is a good one to use.
for passwords try useing a sentence like:
I like to eat a sandwich while canoeing naked.
then from that make a password like this
"Il2easwcn8kd" taking the first letter from each word in the sentence and replace any word like "to" with the number 2.
good luck.
for passwords try useing a sentence like:
I like to eat a sandwich while canoeing naked.
then from that make a password like this
"Il2easwcn8kd" taking the first letter from each word in the sentence and replace any word like "to" with the number 2.
good luck.
05/10/2010 02:17PM
Good advice. Another trick is to do something like, use the key one up and one to the right of the real one. So "RapidRunner" becomes "%w-9r%8jj45".
One thing that is a very bad practice is the old advice of "Don't write the password down". That came from the OLD days where someone only needed one or two passwords. With the number of passwords you're expected to use these days, that advice needs to be rewritten as "Write the passwords down in a secure place". I use KeePass to save mine. That way I only need to remember one 'master' password, and I can copy and past the rest from the encrypted KeePass database.
Do NOT write the master password down on a Post-It note taped to your monitor, under your keyboard (or desk, pencil cup, etc). Put it in your wallet with the rest of your valuables.
One thing that is a very bad practice is the old advice of "Don't write the password down". That came from the OLD days where someone only needed one or two passwords. With the number of passwords you're expected to use these days, that advice needs to be rewritten as "Write the passwords down in a secure place". I use KeePass to save mine. That way I only need to remember one 'master' password, and I can copy and past the rest from the encrypted KeePass database.
Do NOT write the master password down on a Post-It note taped to your monitor, under your keyboard (or desk, pencil cup, etc). Put it in your wallet with the rest of your valuables.
05/10/2010 04:59PM
ono, I just got an email from bwca.com and I opened it!
;)
anyone who wants to get some really good passwords, you can use a free program called password safe to manage them. you can have a super long, incredibly complicated password, and you don't need to remember it cause the program will do it for you.
password safe
nobody will be able to hack your account then.
well, unless they know your mother's maiden name, the street you lived on as a kid, your first pet's name, or your first school. :)
;)
anyone who wants to get some really good passwords, you can use a free program called password safe to manage them. you can have a super long, incredibly complicated password, and you don't need to remember it cause the program will do it for you.
password safe
nobody will be able to hack your account then.
well, unless they know your mother's maiden name, the street you lived on as a kid, your first pet's name, or your first school. :)
Subscribe to Thread
Become a member of the bwca.com community to subscribe to thread and get email updates when new posts are added. Sign up Here