Sorry to bring this up. The fun just doesn't end...
Today I got an email from my ISP, who intercepted a hostile spam e-mail aimed at my e-mail account. They wrote me thusly:
It has come to our attention that a malicious email is being sent to oplink.net email accounts with the subject:
Fw: Your profile will be locked in response to a complaint received by the Administration
This email did NOT come from oplink.net. Please do NOT click on the embedded link in the email.
Thank you very much for your business.
Sincerely,
Oplink.net
Management
These are fellows who don't take this sort of thing lightly, and neither do I.
I post this as a fair warning to all you guys of what this fiend is up to now.
EDIT: Before anyone asks, no, I didn't click on that bastard's link.
Running Oolite buttery smooth & rock stable w/ tons of eyecandy oxps on:
ASUS Prime X370-A
Ryzen 5 1500X
16GB DDR4 3200MHZ
128GB NVMe M.2 SSD (Boot drive)
1TB Hybrid HDD (For software and games)
EVGA GTX-1070 SC
1080P Samsung large screen monitor
I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...
Commander Monty, a Python Class Cruiser driver
Iron assed bulk haulers for the win!
Of the two trumbles which escaped today from Lave station, only 473 have been located....
I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...
I vaguely remember Lynx, but then I vaguely remember gopher sites as well.
I still have a Gopher manual floating around somewhere..
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
It's very likely the link is a virus bomb, much like the links in the 'ModeratorTeam' spam PMs. I wear the tin foil helmet when checking the email.
Anyhow, this whole business smells doubly fishy, because I keep a very low profile with my home email addy. Very few have it; only family and trusted friends. I used it to sign up here, but even then I chose not to make it public.
Is it possible the forum's email addy records were hacked? There was that business with the avatar system being hijacked to archive warez awhile back.
Running Oolite buttery smooth & rock stable w/ tons of eyecandy oxps on:
ASUS Prime X370-A
Ryzen 5 1500X
16GB DDR4 3200MHZ
128GB NVMe M.2 SSD (Boot drive)
1TB Hybrid HDD (For software and games)
EVGA GTX-1070 SC
1080P Samsung large screen monitor
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
Unless you like rebuilding (Virtual) Machines...
Even if you do, I would suggest that its not a good idea. Im sure Ive read of at least PoC malware that can infect the host OS of a virtual machine maybe thats a hallucination, but even if its not true I dont see it as a good idea to go to a dodgy website and run malware just to see what happens.
Could this be related to the recent BBS downtime in any way?
(Having no concept of how these things work and interact beyond the basics of "type text - press button - have text magically appear on other people's screens", I'm really just throwing sparks here...)
<undof>
"Actually this is a common misconception... I do *not* in fact have a lot of time on my hands at all! I just have a very very very very bad sense of priorities."
--Dean C Engelhardt
Hmm, I take it that viewing the source doesn't lend any clues to the nature of this ill advised assault? I mean really, hacking a load of computer users varying in programming competency from light to legendary. I'll check my inbox see if I've got one.
Still it does suggest a worrying advance in forum trojan methodology. One of the problems of standardized forum code, is everybody knows where everything is. The rest as they say, is extraction programming.
Although not the smartest way to get something like this "under the radar". E-mail PM message alert would be a lot more effective in solicitating a reflex keyboard response from an end user. Something like that could be devestating.
So what's the sweep stake looking like? 12 year old in Denmark? Bank of digital gold miners in the Far East? Ex-boardy playing silly bu**ers?
Probably not a good idea to run as root eather. But then that's grade school stuff.
You say its grade school stuff, but then how many people do you know who run windows as an administrator?
Last time I checked I think I was the only person I knew (in Real Life) who ran as a non priviledged user at home so I guess we still have a long way to go. And I have seen, rarely, but I have seen domain admins on servers browsing the web and so on when they should be a non priviledged user on their own desktop.
FWIW this isnt a dig at windows, I also know penty of people who run their home linux box as root etc.
any Windows users have experience of DropMyRights?
From my primitive knowledge, it drops an application's permissions from Admin to Limited when an Admin launches an application. So you can run as an Admin but have eg. browser etc able to perform only Limited user actions....
Is it possible the forum's email addy records were hacked? There was that business with the avatar system being hijacked to archive warez awhile back.
)