Jon
Joined: 16 May 2007 Posts: 247
Posted: Wed Aug 11, 2010 3:11 pm Post subject: http://peppercreekvalparaiso.com/photos.php
If you get an IM from anyone asking if it's you in the pic with the link in the subject, please DON'T click it.
peppercreekvalparaiso.com appears to be a safe site; however, the photo.php prompts you to download an .scr file. That usually spells bad news for Windows users.
_________________
Jon

SiteAdmin
Joined: 30 Oct 2006 Posts: 1331
Posted: Wed Aug 11, 2010 4:05 pm
Please clarify: Are you getting these IMs here on MDS or are you speaking about something outside the site? If on MDS, please tell me the member name.
_________________
SiteAdmin

Jon
Joined: 16 May 2007 Posts: 247
Posted: Wed Aug 11, 2010 5:00 pm
Yahoo IM.
But I'm only getting them from my MDS friends... so far I've received two from Gloriana and one from whatever Pet_porce's new screen name is.
Regardless.. if anyone sees that message anywhere, they probably shouldn't open it and download the .scr file.
The exact message is:
Quote:
is this you on pic??? (link removed so no one will click it)
_________________
Jon

Zombie_Bait
Joined: 18 Oct 2009 Posts: 13
Posted: Wed Aug 11, 2010 5:12 pm
I've gotten those messages too
_________________
Zombie_Bait

Wolffie
Joined: 10 Dec 2006 Posts: 919
Posted: Wed Aug 11, 2010 5:42 pm
Some time ago it happened to me on Twitter. I was not only receiving them, I was sending them.
After I cleared cache and cookies and changed my password and deleted the earliest sender - some paysite, I do not remember which one - it stopped.
I did not notice any correlation with MDS.
_________________
Wolffie

drusilla
Joined: 23 Jan 2008 Posts: 697
Posted: Wed Aug 11, 2010 5:52 pm
I got messages like that from someone I met on another site. Obviously a scam but unfortunately, changing his password didn't seem to work. Not sure how to fix this one, it's an odd bugger. Whereas it seems like a hack, it's likely a cookie/temp file/malware/etc...
_________________
drusilla

Guest
Posted: Wed Aug 11, 2010 10:11 pm
That's been around a while now... I recall getting that over 2-3 yrs ago on Yahoo as well as Myspace.
_________________
Guest

Guest
Posted: Wed Aug 11, 2010 11:18 pm
http://en.wikipedia.org/wiki/Yahoo!_Messenger#Malware
Quote:
The most common method of delivering a malicious payload is the use of social engineering to construct a message that appears to be coming from a contact on the recipient's contact list. A socially engineered message is one that is written in a friendly, informal manner, that could easily be mistaken as coming from a friend. The message usually will say something like "Click here to see pics of me from vacation!" or "Is this you?" with a web address—known as a "poison URL" -- for the recipient to click. Upon clicking the web address, the recipient is connected to a website containing active content, which is immediately downloaded to the recipient's computer. In most cases, the payload contains an installer, a number of hidden files containing text, and code which causes the same socially engineered message with poison URL to be sent to every contact on the contact list. When the message is sent to all contacts, the cycle starts again, as each contact believes they are receiving a message from a trusted friend. In this manner, IM-borne malware is capable of propagating very rapidly through company and external networks.
Worms and viruses are discovered on a regular basis by security companies, particularly by the three companies with IM-specific security products, Akonix Systems, FaceTime Communications, and Symantec. According to IM security researchers at Akonix, the number of new threats identified each month is 30 to 35, with a high of 88 in October, 2006.

So with that info I'm going to give you two tools to combat it.
First use Google Chrome. Not IE or Firefox.
Second, install a GOOD virus protection program. I use Eset. Its use of resources is low, and it is super easy to use. Symantec, AVG, McAfee are good programs, but require lots of resources.
The problem you all are talking about is called Facibom.A. Here is some info on it. The most notable I put in a quote below.
http://www.eset.eu/encyclopaedia/win32-facibom-a-backdoor-poison-bmnn-trojandownloader-tonick-gen-b-generic-dx-sqg-trojan
Quote:
Information stealing
The following information is collected:
passwords
Windows Protected Storage passwords and credentials
The worm collects information related to the following applications:
Mozilla Firefox
Internet Explorer

The Eset link I provided tells you where to look, and how to remove it.
Hope that helps.
_________________
Guest
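
Added example (not part of any post in this thread): a defender-side check for the pattern described above, where a link that looks like a photo page hands the browser an .scr file. The host name, header values and function names are constructed for illustration; such a check could sit in a proxy or download filter.

```python
import posixpath
from email.message import Message
from urllib.parse import urlsplit

# File types Windows runs as programs; a .scr "screensaver" is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".cpl", ".msi"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}

# Constructed sample: what a server behind such a link might answer (not captured traffic).
LURE_URL = "http://lure.example/photos.php"
LURE_HEADERS = {
    "Content-Type": "application/octet-stream",
    "Content-Disposition": 'attachment; filename="photo001.jpg.scr"',
}

def served_filename(url, headers):
    """Name the browser would save: Content-Disposition if present, else the URL path."""
    cd = headers.get("content-disposition")  # expects lower-cased header names
    if cd:
        msg = Message()
        msg["Content-Disposition"] = cd
        name = msg.get_filename()  # parses filename= and RFC 2231 filename*=
        if name:
            return posixpath.basename(name.replace("\\", "/"))
    return posixpath.basename(urlsplit(url).path)

def assess_download(url, headers):
    """Return the reasons (possibly none) to block this download."""
    headers = {k.lower(): v for k, v in headers.items()}
    name = served_filename(url, headers)
    stem, ext = posixpath.splitext(name.lower())
    url_ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"'{name}' is a Windows executable type ({ext})")
        if url_ext != ext:
            reasons.append(f"link ends in '{url_ext}' but the file delivered is {ext}")
        if posixpath.splitext(stem)[1] in DECOY_EXTS:
            reasons.append(f"double extension imitates a picture: {name}")
    return reasons

if __name__ == "__main__":
    for reason in assess_download(LURE_URL, LURE_HEADERS):
        print("BLOCK:", reason)
```

The decision is made on the name the server supplies, not on the link text, because the link in the IM never shows the .scr extension.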

Gloriana
Joined: 16 Aug 2007 Posts: 281
Posted: Thu Aug 12, 2010 4:11 am
Yeah yeah yeah ....
I feel stooopid. Fixed mine though.
*shakes head and sends herself back to remedial classes in anti-virus safety*
_________________
Gloriana

Jon
Joined: 16 May 2007 Posts: 247
Posted: Thu Aug 12, 2010 7:07 am
Thanks ID.. I was going to research it yesterday but had a migraine that would kill a moose.
_________________
Jon