
Yet more fun with 'ModeratorTeam'

Posted: Thu Feb 18, 2010 4:40 am
by Cmdr Wyvern
Sorry to bring this up. The fun just doesn't end... :roll:

Today I got an email from my ISP, who intercepted a hostile spam e-mail aimed at my e-mail account. They wrote me thusly:
It has come to our attention that a malicious email is being sent to oplink.net email accounts with the subject:

Fw: Your profile will be locked in response to a complaint received by the Administration

This email did NOT come from oplink.net.  Please do NOT click on the embedded link in the email.

Thank you very much for your business.

Sincerely,

Oplink.net
Management
These are fellows who don't take this sort of thing lightly, and neither do I. :evil:
I post this as a fair warning to all you guys of what this fiend is up to now.
EDIT: Before anyone asks, no, I didn't click on that bastard's link.

Posted: Thu Feb 18, 2010 6:39 am
by allikat
I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...

Posted: Thu Feb 18, 2010 7:04 am
by Chrisfs
allikat wrote:
I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...
I vaguely remember Lynx, but then I vaguely remember gopher sites as well.

Posted: Thu Feb 18, 2010 7:38 am
by Diziet Sma
I still have a Gopher manual floating around somewhere.. :lol:

Posted: Thu Feb 18, 2010 8:36 am
by Cmdr James
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.

Posted: Thu Feb 18, 2010 9:52 am
by DaddyHoggy
Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
Unless you like rebuilding (Virtual) Machines...

Posted: Thu Feb 18, 2010 10:31 am
by Cmdr Wyvern
Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
It's very likely the link is a virus bomb, much like the links in the 'ModeratorTeam' spam PMs. I wear the tin foil helmet when checking the email.

Anyhow, this whole business smells doubly fishy, because I keep a very low profile with my home email addy. Very few have it; only family and trusted friends. I used it to sign up here, but even then I chose not to make it public.

:idea: Is it possible the forum's email addy records were hacked? There was that business with the avatar system being hijacked to archive warez awhile back.

Posted: Thu Feb 18, 2010 10:38 am
by Cmdr James
DaddyHoggy wrote:
Cmdr James wrote:
The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.
Unless you like rebuilding (Virtual) Machines...
Even if you do, I would suggest that it's not a good idea. I'm sure I've read of at least PoC malware that can infect the host OS of a virtual machine; maybe that's a hallucination, but even if it's not true I don't see it as a good idea to go to a dodgy website and run malware just to see what happens.

Posted: Thu Feb 18, 2010 10:40 am
by CheeseRedux
<doffing tinfoil hat>

Could this be related to the recent BBS downtime in any way?

(Having no concept of how these things work and interact beyond the basics of "type text - press button - have text magically appear on other people's screens", I'm really just throwing sparks here...)

<undof>

Posted: Thu Feb 18, 2010 10:47 am
by ClymAngus
Hmm, I take it that viewing the source doesn't lend any clues to the nature of this ill-advised assault? I mean really, hacking a load of computer users varying in programming competency from light to legendary. I'll check my inbox to see if I've got one.

Still, it does suggest a worrying advance in forum trojan methodology. One of the problems of standardized forum code is everybody knows where everything is. The rest, as they say, is extraction programming.

Although not the smartest way to get something like this "under the radar". An e-mail PM message alert would be a lot more effective in soliciting a reflex keyboard response from an end user. Something like that could be devastating.

So what's the sweepstake looking like? 12 year old in Denmark? Bank of digital gold miners in the Far East? Ex-boardy playing silly bu**ers?

Posted: Thu Feb 18, 2010 10:50 am
by BTBC
If you want to be really sure you are safe, disconnect your hard drive and use a Linux live CD.

Posted: Thu Feb 18, 2010 12:28 pm
by ClymAngus
Probably not a good idea to run as root either. But then that's grade school stuff.

Posted: Thu Feb 18, 2010 1:20 pm
by Cmdr James
ClymAngus wrote:
Probably not a good idea to run as root either. But then that's grade school stuff.
You say it's grade school stuff, but then how many people do you know who run Windows as an administrator?

Last time I checked I think I was the only person I knew (in Real Life) who ran as a non-privileged user at home, so I guess we still have a long way to go. And I have seen, rarely, but I have seen domain admins on servers browsing the web and so on when they should be a non-privileged user on their own desktop.

FWIW this isn't a dig at Windows, I also know plenty of people who run their home Linux box as root etc.

Posted: Thu Feb 18, 2010 3:02 pm
by lfnfan
Any Windows users have experience of DropMyRights?

From my primitive knowledge, it drops an application's permissions from Admin to Limited when an Admin launches an application. So you can run as an Admin but have e.g. the browser etc. able to perform only Limited user actions....

http://blogs.msdn.com/michael_howard/ar ... ights.aspx

(or better practice: google 'drop my rights' yourself, and it's a few links down :wink: )

Posted: Thu Feb 18, 2010 4:08 pm
by Cmdr James
That seems kind of backwards. I think it's more normal to run as a normal user, and use runas when you need elevated rights.
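The "don't run as root / run as a non-privileged user" advice in this thread and the DropMyRights discussion both come down to shedding privileges before doing anything risky. As an added illustration of the Unix side of that (not code from the thread or from DropMyRights), the program below starts with whatever rights it was given, drops permanently to an unprivileged uid/gid in the correct order, and verifies that the drop cannot be undone; the default target uid/gid 65534 is a constructed value (commonly "nobody").

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Report whether the process still holds root privileges. */
int is_privileged(void)
{
    return geteuid() == 0;
}

/* Permanently drop to an unprivileged uid/gid.
 * Order matters: clear supplementary groups, set the gid, then set the
 * uid, because once the uid is unprivileged the earlier calls would fail.
 * Returns 0 on success, -1 if any step fails or the drop is reversible. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* refuse to "drop" to root */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                      /* only root may clear the group list */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Paranoia check: a genuine drop must be irreversible. */
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Stand-alone demo: drop to the uid/gid given on the command line
 * (constructed default 65534) and show the before/after state. */
int main(int argc, char **argv)
{
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 65534;
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : 65534;

    printf("before: euid=%u privileged=%d\n", (unsigned)geteuid(), is_privileged());
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed; refusing to continue\n");
        return 1;
    }
    printf("after:  euid=%u privileged=%d\n", (unsigned)geteuid(), is_privileged());
    return 0;
}
```

Run it as root to see the drop to 65534; run it as an ordinary user and it simply confirms it already holds no root rights.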