Oolite Bulletins

Sorry to bring this up. The fun just doesn't end...

Today I got an email from my ISP, who intercepted a hostile spam e-mail aimed at my e-mail account. They wrote me thusly:

It has come to our attention that a malicious email is being sent to oplink.net email accounts with the subject:

Fw: Your profile will be locked in response to a complaint received by the Administration

This email did NOT come from oplink.net.  Please do NOT click on the embedded link in the email.

Thank you very much for your business.

Sincerely,

Oplink.net
Management

These are fellows who don't take this sort of thing lightly, and neither do I.
I post this as a fair warning to all you guys of what this fiend is up to now.
EDIT: Before anyone asks, no, I didn't click on that bastard's link.

I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...

allikat wrote:

I kinda feel like I should maybe load up some obscure browser (lynx perhaps???) on my linux machine and go see what the link contains..
Curiosity, as they say, maimed the cat...

I vaguely remember Lynx, but then I vaguely remember gopher sites as well.

I still have a Gopher manual floating around somewhere..

The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.

Cmdr James wrote:

The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.

Unless you like rebuilding (Virtual) Machines...

Cmdr James wrote:

The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.

It's very likely the link is a virus bomb, much like the links in the 'ModeratorTeam' spam PMs. I wear the tin foil helmet when checking the email.

Anyhow, this whole business smells doubly fishy, because I keep a very low profile with my home email addy. Very few have it; only family and trusted friends. I used it to sign up here, but even then I chose not to make it public.

Is it possible the forum's email addy records were hacked? There was that business with the avatar system being hijacked to archive warez awhile back.

DaddyHoggy wrote:

Cmdr James wrote:

The link will probably contain a binary of some kind, which will not make much sense to you unless you download and run it. I would not suggest that.

Unless you like rebuilding (Virtual) Machines...

Even if you do, I would suggest that its not a good idea. Im sure Ive read of at least PoC malware that can infect the host OS of a virtual machine maybe thats a hallucination, but even if its not true I dont see it as a good idea to go to a dodgy website and run malware just to see what happens.

<doffing tinfoil hat>

Could this be related to the recent BBS downtime in any way?

(Having no concept of how these things work and interact beyond the basics of "type text - press button - have text magically appear on other people's screens", I'm really just throwing sparks here...)

<undof>

Hmm, I take it that viewing the source doesn't lend any clues to the nature of this ill advised assault? I mean really, hacking a load of computer users varying in programming competency from light to legendary. I'll check my inbox see if I've got one.

Still it does suggest a worrying advance in forum trojan methodology. One of the problems of standardized forum code, is everybody knows where everything is. The rest as they say, is extraction programming.

Although not the smartest way to get something like this "under the radar". E-mail PM message alert would be a lot more effective in solicitating a reflex keyboard response from an end user. Something like that could be devestating.

So what's the sweep stake looking like? 12 year old in Denmark? Bank of digital gold miners in the Far East? Ex-boardy playing silly bu**ers?

If you want to be really sure you are safe disconnect your hard drive and use a Linux live CD.

Probably not a good idea to run as root eather. But then that's grade school stuff.

ClymAngus wrote:

Probably not a good idea to run as root eather. But then that's grade school stuff.

You say its grade school stuff, but then how many people do you know who run windows as an administrator?

Last time I checked I think I was the only person I knew (in Real Life) who ran as a non priviledged user at home so I guess we still have a long way to go. And I have seen, rarely, but I have seen domain admins on servers browsing the web and so on when they should be a non priviledged user on their own desktop.

FWIW this isnt a dig at windows, I also know penty of people who run their home linux box as root etc.

any Windows users have experience of DropMyRights?

From my primitive knowledge, it drops an application's permissions from Admin to Limited when an Admin launches an application. So you can run as an Admin but have eg. browser etc able to perform only Limited user actions....

http://blogs.msdn.com/michael_howard/ar ... ights.aspx

(or better practice: google 'drop my rights' yourself, and it's a few links down )

that seems kind of backwards. I think its more normal to run as a normal user, and use runas when you need elevated rights