Yet more fun with 'ModeratorTeam'

General discussion for players of Oolite.

Moderators: winston, another_commander

User avatar
Cmdr Wyvern
---- E L I T E ----
---- E L I T E ----
Posts: 1649
Joined: Tue Apr 11, 2006 1:47 am
Location: Somewhere in the great starry void

Yet more fun with 'ModeratorTeam'

Post by Cmdr Wyvern »

Sorry to bring this up. The fun just doesn't end... :roll:

Today I got an email from my ISP, who intercepted a hostile spam e-mail aimed at my e-mail account. They wrote me thusly:
It has come to our attention that a malicious email is being sent to oplink.net email accounts with the subject:

Fw: Your profile will be locked in response to a complaint received by the Administration

This email did NOT come from oplink.net.  Please do NOT click on the embedded link in the email.

Thank you very much for your business.

Sincerely,

Oplink.net
Management
These are fellows who don't take this sort of thing lightly, and neither do I. :evil:
I post this as a fair warning to all you guys of what this fiend is up to now.
EDIT: Before anyone asks, no, I didn't click on that bastard's link.
Running Oolite buttery smooth & rock stable w/ tons of eyecandy oxps on:
ASUS Prime X370-A
Ryzen 5 1500X
16GB DDR4 3200MHZ
128GB NVMe M.2 SSD (Boot drive)
1TB Hybrid HDD (For software and games)
EVGA GTX-1070 SC
1080P Samsung large screen monitor
User avatar
allikat
Deadly
Deadly
Posts: 191
Joined: Tue Jan 19, 2010 5:45 pm

Post by allikat »

I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...
Commander Monty, a Python Class Cruiser driver :D
Iron assed bulk haulers for the win!

Of the two trumbles which escaped today from Lave station, only 473 have been located....
Chrisfs
---- E L I T E ----
---- E L I T E ----
Posts: 433
Joined: Sun Sep 20, 2009 10:24 am
Location: California

Post by Chrisfs »

allikat wrote:
I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...
I vaguely remember Lynx, but then I vaguely remember gopher sites as well.
User avatar
Diziet Sma
---- E L I T E ----
---- E L I T E ----
Posts: 6312
Joined: Mon Apr 06, 2009 12:20 pm
Location: Aboard the Pitviper S.E. "Blackwidow"

Post by Diziet Sma »

I still have a Gopher manual floating around somewhere.. :lol:
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
User avatar
Cmdr James
Commodore
Commodore
Posts: 1357
Joined: Tue Jun 05, 2007 10:43 pm
Location: Berlin

Post by Cmdr James »

The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
User avatar
DaddyHoggy
Intergalactic Spam Assassin
Intergalactic Spam Assassin
Posts: 8515
Joined: Tue Dec 05, 2006 9:43 pm
Location: Newbury, UK
Contact:

Post by DaddyHoggy »

Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
Unless you like rebuilding (Virtual) Machines...
Selezen wrote:
Apparently I was having a DaddyHoggy moment.
Oolite Life is now revealed here
User avatar
Cmdr Wyvern
---- E L I T E ----
---- E L I T E ----
Posts: 1649
Joined: Tue Apr 11, 2006 1:47 am
Location: Somewhere in the great starry void

Post by Cmdr Wyvern »

Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
It's very likely the link is a virus bomb, much like the links in the 'ModeratorTeam' spam PMs. I wear the tin foil helmet when checking the email.

Anyhow, this whole business smells doubly fishy, because I keep a very low profile with my home email addy. Very few have it; only family and trusted friends. I used it to sign up here, but even then I chose not to make it public.

:idea: Is it possible the forum's email addy records were hacked? There was that business with the avatar system being hijacked to archive warez awhile back.
Running Oolite buttery smooth & rock stable w/ tons of eyecandy oxps on:
ASUS Prime X370-A
Ryzen 5 1500X
16GB DDR4 3200MHZ
128GB NVMe M.2 SSD (Boot drive)
1TB Hybrid HDD (For software and games)
EVGA GTX-1070 SC
1080P Samsung large screen monitor
User avatar
Cmdr James
Commodore
Commodore
Posts: 1357
Joined: Tue Jun 05, 2007 10:43 pm
Location: Berlin

Post by Cmdr James »

DaddyHoggy wrote:
Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
Unless you like rebuilding (Virtual) Machines...
Even if you do, I would suggest that its not a good idea. Im sure Ive read of at least PoC malware that can infect the host OS of a virtual machine maybe thats a hallucination, but even if its not true I dont see it as a good idea to go to a dodgy website and run malware just to see what happens.
User avatar
CheeseRedux
---- E L I T E ----
---- E L I T E ----
Posts: 827
Joined: Fri Oct 02, 2009 6:50 pm

Post by CheeseRedux »

<doffing tinfoil hat>

Could this be related to the recent BBS downtime in any way?

(Having no concept of how these things work and interact beyond the basics of "type text - press button - have text magically appear on other people's screens", I'm really just throwing sparks here...)

<undof>
"Actually this is a common misconception... I do *not* in fact have a lot of time on my hands at all! I just have a very very very very bad sense of priorities."
--Dean C Engelhardt
User avatar
ClymAngus
---- E L I T E ----
---- E L I T E ----
Posts: 2514
Joined: Tue Jul 08, 2008 12:31 am
Location: London England
Contact:

Post by ClymAngus »

Hmm, I take it that viewing the source doesn't lend any clues to the nature of this ill advised assault? I mean really, hacking a load of computer users varying in programming competency from light to legendary. I'll check my inbox see if I've got one.

Still it does suggest a worrying advance in forum trojan methodology. One of the problems of standardized forum code, is everybody knows where everything is. The rest as they say, is extraction programming.

Although not the smartest way to get something like this "under the radar". E-mail PM message alert would be a lot more effective in solicitating a reflex keyboard response from an end user. Something like that could be devestating.

So what's the sweep stake looking like? 12 year old in Denmark? Bank of digital gold miners in the Far East? Ex-boardy playing silly bu**ers?
BTBC
Above Average
Above Average
Posts: 21
Joined: Sun Apr 01, 2007 10:10 pm

Post by BTBC »

If you want to be really sure you are safe disconnect your hard drive and use a Linux live CD.
User avatar
ClymAngus
---- E L I T E ----
---- E L I T E ----
Posts: 2514
Joined: Tue Jul 08, 2008 12:31 am
Location: London England
Contact:

Post by ClymAngus »

Probably not a good idea to run as root eather. But then that's grade school stuff.
User avatar
Cmdr James
Commodore
Commodore
Posts: 1357
Joined: Tue Jun 05, 2007 10:43 pm
Location: Berlin

Post by Cmdr James »

ClymAngus wrote:
Probably not a good idea to run as root eather. But then that's grade school stuff.
You say its grade school stuff, but then how many people do you know who run windows as an administrator?

Last time I checked I think I was the only person I knew (in Real Life) who ran as a non priviledged user at home so I guess we still have a long way to go. And I have seen, rarely, but I have seen domain admins on servers browsing the web and so on when they should be a non priviledged user on their own desktop.

FWIW this isnt a dig at windows, I also know penty of people who run their home linux box as root etc.
lfnfan
Deadly
Deadly
Posts: 250
Joined: Tue Mar 24, 2009 1:29 pm
Location: london, uk

Post by lfnfan »

any Windows users have experience of DropMyRights?

From my primitive knowledge, it drops an application's permissions from Admin to Limited when an Admin launches an application. So you can run as an Admin but have eg. browser etc able to perform only Limited user actions....

http://blogs.msdn.com/michael_howard/ar ... ights.aspx

(or better practice: google 'drop my rights' yourself, and it's a few links down :wink: )
User avatar
Cmdr James
Commodore
Commodore
Posts: 1357
Joined: Tue Jun 05, 2007 10:43 pm
Location: Berlin

Post by Cmdr James »

that seems kind of backwards. I think its more normal to run as a normal user, and use runas when you need elevated rights
Post Reply