Author |
Message |
lotta
Baiting Guru
Joined: 08 Jun 2005
Posts: 13613
Location: 2 Speckled Cct Springfield Lakes QLD 4300
|
Posted:
Sun Dec 30, 2007 6:27 am |
|
I'm sure many of you have been receiving these, as have I.
The subject line is:
Happy New Year to you (or something similar)
then followed by a link to one of the following:
familypostcards2008
uhavepostcard.com
happycards2008.com
newyearcards2008.com
newyearwithlove.com
Please DO NOT CLICK ON THESE as they are the latest Storm Worm Domains. |
_________________ [Click here to donate to 419Eater.com] Lead Support Contact for Missing Posts - (pm me)
bank kills
Alan James Watson (AKA Bi Gal, AKA Big Al, AKA De Master Yoda) -2007, 2008, 2009, 2010 "Doos of the year" award winner
Frederick Fokker:
"I am giving you about a month to get your act together, i am cutting you and the eater a bit of slack"
Dec 11, 2007
|
|
|
|
Pastor Frank
Baiting Guru
Joined: 31 Jan 2007
Posts: 12237
|
Posted:
Sun Dec 30, 2007 6:48 am |
|
More info here... (No worries, it's safe) Edit: I meant the link was, not the Storm Worm!
Click |
_________________ "Father Juan are sure that you are man of God,because your behaviors showed you as unbeliever" -Mary R |
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Sun Dec 30, 2007 7:49 am |
|
Thanks Lotta, I was thinking of starting a thread for this, as my main catcher account has been FLOODED with these the past few days. So I am busy posting away about this on all sorts of different fora.
Looking at the information on Domain Dossier or Domaintools is. . . interesting. . . as it usually is for these kinds of websites.
Could I add that if anyone gets this and wants to report them, do so here:
http://www.castlecops.com/mirt
Make sure to paste in the full headers along with the link. |
_________________ Several hundred fake escrows (and others) deaded--no longer counting.
aa419.org --dead a fake site today.
No, Akai, you're a wonderful bitch. --Reaper |
|
|
|
rootuser
Elite Baiter
Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you
|
Posted:
Sun Dec 30, 2007 8:03 am |
|
I didn't get any of those yet. I'm really disappointed... |
_________________ "..., if it not the destiny has reduced us together, then who?"
"may u die tomorrow in jesus name"
"The devil has eaten away your soul as you will decay in the hail fire, so go and die with your dyning devil hopless devil advocate."
"This is what i sent to them am not with any money to go back to nigeria pls help."
(0.25 go to fake_buster)
x4 Wole A.: Akure, Nigeria to Cotonou, Benin, Akure, Nigeria to Tanguieta, Benin (both with Thomas-the-Tank and Simba), Akure, Nigeria to Kano, Nigeria (with TtT and OD), Akure, Nigeria to Abidjan, Cote d'Ivoire (with TtT)
|
|
|
|
419weasel
Baiting Guru
Joined: 26 Jan 2006
Posts: 4207
Location: Somewhere in a hole. Waiting.
|
Posted:
Sun Dec 30, 2007 8:11 am |
|
|
|
|
Capella
Wannabe Baiter
Joined: 14 Dec 2007
Posts: 95
Location: Pacific Ocean
|
Posted:
Sun Dec 30, 2007 8:17 am |
|
I have a heap of them in one of my baiting accounts. Lucky I haven't clicked any yet.
Thanks for the heads up lotta |
|
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Sun Dec 30, 2007 8:43 am |
|
@ Weasel--
Any relevant information available, obviously this includes the domain itself. Most of the time these things are spammed out by zombie computers already part of that botnet army. So the IP and email addresses of these eCard spams are most likely to be that of compromised Windowz machines, usually home PCs.
Here is an example of how they use information on this thread:
http://www.castlecops.com/posts199857-90.html
Here is a partial list of Storm botnet IPs.
http://spamtrackers.eu/downloads/botnets/storm.db.txt |
|
|
|
419weasel
Baiting Guru
Joined: 26 Jan 2006
Posts: 4207
Location: Somewhere in a hole. Waiting.
|
Posted:
Sun Dec 30, 2007 9:32 am |
|
|
|
|
CowboyBuck
Elite Baiter
Joined: 04 Aug 2007
Posts: 1077
Location: Riding the Western Union Trail
|
Posted:
Sun Dec 30, 2007 2:06 pm |
|
How does one tell if one has one of those things on one's computer? |
_________________ Accra to Abuja to Lagos
Mr. King - May 2008 to May 2009
A few more
Right now I am getting pissed with your responses
And still you later claimed there are snakes on the road to the Western Union
Please for the sake of humanity help Mr. Felix and I to get this money |
|
|
|
rootuser
Elite Baiter
Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you
|
Posted:
Sun Dec 30, 2007 2:15 pm |
|
Usually a few hours after the first reports come in the scanners should have updates. Sometimes not yet through the normal update-stream, but through manual updates. Symantec for example has an extra package with the absolutely latest definitions for download on their site (don't remember the name of that package though), which includes definitions not yet included in the live-update.
First try running an online-update of your scanner. If you have a 100% positive file that isn't identified try getting a newer package from the site of your scanner. If then it's still not identified then you might want to consider switching the scanner...
ClamAV, an open-source scanner, has proven to be quite quick with new definitions. Where I worked before it found new stuff often earlier than our highly paid Norton Corporate Edition.
Edit: As for identifying if your system has been infected: Usually sites with virus-info might help here. They usually show what kind of files are created by a virus. Also looking at the list of running tasks might help.
Also there is a nice Task Manager that can show security-threads. But it's payware, and I forgot its name, but might be Security Task Manager.
Other tools like AVG AntiSpy or Windows Defender might find suspicious stuff running. |
|
|
|
|
Hekate
Elite Baiter
Joined: 08 Aug 2005
Posts: 1338
Location: Scotland, UK
|
Posted:
Sun Dec 30, 2007 5:32 pm |
|
I never open those type of emails anyway! |
_________________ 'suck meee son of a bitches fucking retard peoples' M C phonelad
We have on our programms according to the lay down rules to pay the Asians mostly the indians and malasians now and after that it may change. Rev. James Ucheomma
do you really think that i am just a stupid man like you,listen for the veru last time if i did'nt see XXXX after 24 hours you will heat your self.. [love scammer Chucks]
IT'S NOT I LOOKING FOR WORK.GOD FORBID.I CAN BE IN AN OCEAN AND WASH MY HEAD WITH MY SPIT. THANKS AND GOD BLESS.
MARK DOUGLAS.
2 x
See SP's Irish Safari!
x14
Click here to support 419Eater.com |
|
|
|
kleindoofy
*** BANNED ***
Joined: 24 Oct 2004
Posts: 6248
Location: Europe
|
Posted:
Sun Dec 30, 2007 8:26 pm |
|
Hekate wrote: |
I never open those ... emails ... |
Exactly!
As I have posted many times before, I wouldn't open an ecard even if my mother called me and said she just sent one, from Hallmark.
Even some ecard sites are virus riddled and unsuspecting users send their cards out to relatives and friends, not knowing that they may be condemning their computers to a slow death.
I have my personal email account set to "plain text" - no html, no pics, no nothing.
We bait safe, why don't we email safe? |
|
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Sun Dec 30, 2007 9:46 pm |
|
Looks like these links are using javascript to auto-execute a file called happynewyear2008.exe which is the Trojan (Peacomm) that Storm drops onto the computer.
Quote: |
Your download should begin shortly. If your download does not start in approximately 15 seconds, you can click here to launch the download. . . |
Please report these links to Google here as the bad links are showing up first on Google hits:
http://www.google.com/safebrowsing/report_badware/ |
|
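A mail-triage check built from the indicators reported in this thread (the domains in lotta's first post and the file name in Akai Ryu's post above), added here as an example and not posted by any forum member. The sample messages, `example.*` addresses and function names are constructed for illustration; `familypostcards2008` was posted without a TLD, so it is matched as a bare hostname label.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Indicators exactly as posted in the thread (dated Dec 2007).
LISTED_DOMAINS = {"uhavepostcard.com", "happycards2008.com",
                  "newyearcards2008.com", "newyearwithlove.com"}
LISTED_LABELS = {"familypostcards2008"}   # posted without a TLD: match as a label
DROPPER_NAME = "happynewyear2008.exe"     # file name reported by Akai Ryu

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

def extract_urls(msg):
    """Collect http(s) URLs from every text part, plain or HTML."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:          # unknown charset label
            text = payload.decode("latin-1")
        urls.extend(URL_RE.findall(text))
    return urls

def host_is_listed(host):
    """True for a listed domain or any subdomain of it, never a look-alike."""
    labels = host.lower().rstrip(".").split(".")
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return bool(suffixes & LISTED_DOMAINS) or bool(set(labels) & LISTED_LABELS)

def triage(raw_message):
    """Return the subject, the matching URLs with reasons, and a verdict."""
    msg = message_from_string(raw_message)
    hits = []
    for url in extract_urls(msg):
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:           # malformed URL: skip rather than crash
            continue
        reasons = []
        if host_is_listed(host):
            reasons.append("listed-domain")
        if parts.path.lower().rsplit("/", 1)[-1] == DROPPER_NAME:
            reasons.append("dropper-name")
        if reasons:
            hits.append((url, reasons))
    return {"subject": msg.get("Subject", ""), "hits": hits,
            "quarantine": bool(hits)}

# Constructed sample messages (not real captured mail).
SAMPLE_LURE = ("From: sender@example.net\nSubject: Happy New Year to you\n\n"
               "Someone sent you a card:\nhttp://newyearwithlove.com/\n")
SAMPLE_BENIGN = ("From: friend@example.org\nSubject: Article link\n\n"
                 "http://example.org/blog/happycards2008.com-warning\n")

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage(sample))
```

Matching on whole hostname suffixes keeps a page that merely mentions a listed name in its path, or a look-alike such as `happycards2008.com.example.org`, from being flagged.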
|
|
Gnasher
Baiting Guru
Joined: 29 May 2006
Posts: 2849
Location: Centre Stage in the Theatre of Cruelty
|
Posted:
Sun Dec 30, 2007 10:47 pm |
|
Too late! My son opened an email headed something like "here are your holiday pictures" and shazam! The home page then re-set to "Virus Help Zone" and other weird stuff. I'm trying to get rid of the *&@^# thing. |
_________________ x21
"you have to pay because he need to submit this form to the Federal Ministry Of Fancies" Barrister John/Mike/Richard Okeke
"they are in deed the swinders rotating about in the net and searching for whom they will stylishly defraud your belongings" A. Moron
"Please pray harder for God to guide and protect us during our travelling because flight airplane i observe is a very big risky" Abdul Karibu
"WE DOESN'T LIKE HOW DISOBIDIENT YOU ARE!" Coco Law Chambers
"BE INFORMED THAT YOU WILL INCUR DUMMERAGE AFTER 9 DAYS FROM TODAY" Burkina Faso Air Secure Air Service.\ |
|
|
|
Pastor Frank
Baiting Guru
Joined: 31 Jan 2007
Posts: 12237
|
Posted:
Mon Dec 31, 2007 7:06 am |
|
Akai Ryu wrote: |
Looks like these links are using javascript to auto-execute a file called happynewyear2008.exe which is the Trojan (Peacomm) that Storm drops onto the computer. |
And if you are running Firefox. http://www.mozilla.com/en-US/firefox/
This extension will help prevent such nasty things. http://noscript.net/
Both are free, please give them a try. It is like putting a condom over your hard drive. |
|
|
|
FrumpyBB
Baiting Guru
Joined: 22 Nov 2006
Posts: 5988
Location: Germany
|
Posted:
Mon Dec 31, 2007 12:47 pm |
|
Thanks for the NoScript tip, Pastor Frank!
@lotta i wouldn't have opened them anyway, but thanks for this listing. |
_________________ SIR,I DON'T ENTERTAIN RIGMAROLE AND THERE IS NO ROOM FOR DILLY- DALLY.
the ball is in your cult
x 5 ARK & Co. incl. 1 safari w/ RS17 & NTBS
Dan the lotto man, ARK mugu wedding
Dennis the hitman, co-bait w/ Murry Guru
Zake (w/ SH, SL & Craig)
x 5 Modeling Mugu Meeting, w/ mewing_ghecko & Otterfan & SSC
x 2 another MMM w/ SH
x 13 Later shows and trips for the benefit of M00seknuckle, incl. the 0budu Fact Finding Mission
Come to our Eater University Baiting Tutorials Cos you deserve it. x5 x50+ x 4 -- |
|
|
|
Chibuike
Master of Master Baiters
Joined: 07 Mar 2006
Posts: 693
Location: My corner of the world...
|
Posted:
Tue Jan 01, 2008 2:35 am |
|
All I get are emails wanting to enlarge my penis....but I am a woman damn it! Thanks for the advance warnings. |
_________________ "I didn't know Oscar was a pimp!" Chibuike
"simple....go fuck a tree trunk" Phillip Johnson
<--I got ponies! Wahhooo! |
|
|
|
lotta
Baiting Guru
Joined: 08 Jun 2005
Posts: 13613
Location: 2 Speckled Cct Springfield Lakes QLD 4300
|
Posted:
Thu Jan 03, 2008 3:55 am |
|
Pastor Frank wrote: |
And if you are running Firefox, this extension will help prevent such nasty things. http://noscript.net/ |
Agree 100%
It really is a wonderful extension that I've been using for ages.... |
|
|
|
|
Simba
Baiting Guru
Joined: 19 Nov 2006
Posts: 4093
Location: Bila Shaka
|
Posted:
Thu Jan 03, 2008 9:12 am |
|
Chibuike wrote: |
All I get are emails wanting to enlarge my penis.... |
Could you forward one of those to me please..... |
_________________ =5imba Safari Camps
=King Zongo-Ouaga to Accra to Lome to Accra to Lome
=Mr Duru-Ouaga to Accra to Ouaga to Abidjan
=Mr Yetonde-Sierra Leone to Accra
=Mr Jiullus-Abidjan to Accra to Kumasi to Tamale
=Mr Dandy-Abidjan to Monrovia-SSC Liberia
=Mr Mandela-Jo'burg to Maun-SSC Botswana
=Mr Danka-Dakar to Bangul-SSC Gambia
=Mr Twumasi-Accra to Cotonou-SSC Benin
=Mr Gomer-Lagos to Douala to Parakou-SSC Cameroon & SSC Benin
=Mr Chukwu-Lome to Accra to Koforidua. Lome to Lagos. Lome to Cotonou.
|
|
|
|
Doctor X
** ACCOUNT CLOSED **
Joined: 15 Apr 2007
Posts: 766
|
Posted:
Thu Jan 03, 2008 10:30 am |
|
^^^^The headers are quite long. . . .
Anyways, any experience with this on a Mac?
--J.D. |
_________________ וגם־אני נתתי להם חקים לא טובים ומשפטים לא יחיו בהם
ואטמא אותם במתנותם בהעביר כל־פטר רחם למען אשםם למען אשר ידעו אשר אני יהוה |
|
|
|
Doctor X
** ACCOUNT CLOSED **
Joined: 15 Apr 2007
Posts: 766
|
Posted:
Thu Jan 03, 2008 11:09 am |
|
Question answered.
Seems to work well on a Mac.
--J.D. |
|
|
|
lotta
Baiting Guru
Joined: 08 Jun 2005
Posts: 13613
Location: 2 Speckled Cct Springfield Lakes QLD 4300
|
Posted:
Thu Jan 03, 2008 10:58 pm |
|
Chibuike wrote: |
All I get are emails wanting to enlarge my penis....but I am a woman damn it! |
I get those all the time too.....and I don't even have a penis! |
|
|
|
|
Old Coaster
Baiting Guru
Joined: 25 Nov 2003
Posts: 3045
Location: Don Quijote Country
|
Posted:
Thu Jan 03, 2008 11:09 pm |
|
Doctor X wrote: |
Question answered.
Seems to work well on a Mac.
--J.D. |
What do you mean? Does the Mac become infected?
I had a nasty one earlier today when I was googling hotels in Tasmania and a programme ran on my machine telling me that my pc was infected with malware and to download some programme to clear it. However my machine is a Mac and I did not click on the download. I am assuming I am still clean. |
_________________ For evil to triumph, good men need merely do nothing!
|
|
|
|
Doctor X
** ACCOUNT CLOSED **
Joined: 15 Apr 2007
Posts: 766
|
Posted:
Fri Jan 04, 2008 3:31 am |
|
Old Coaster wrote: |
However my machine is a Mac and I did not click on the download. I am assuming I am still clean. |
Sorry for the long response, but I just re-researched a lot of this, and I want to answer your questions.
I just got into another PC versus Mac argument on ANOTHER FORUM [Boo! Hiss!--Ed.] My basic opinion is that people take their preferences, what they are used to, and go with them. Security begins "between the keyboard and user" as some have said. I love to cite an example from a Mac Guru forum where a Newbie screeched about how his Mac "got hacked" and "I thought they were secure!"
Come to find out he refused to set any passwords--Macs tend to do that. Come to find out he did not turn on even the simple firewall or--what most people do with both PCs and Macs--get a better third-party firewall. Come to find out he allowed "File share" and the modalities that encourage computers to communicate with one another. As one guru admonished him, "leave your laptop open, on the ground, turned on, without a password, and OMFG it might get stolen with your data!!"
If you go to an insecure webpage, enter all your personal data . . . OMFG! Identity theft!!!
That having been written, Macs are more secure. Every few months when this argument comes up, I have to search for trojans, spyware, malware, and virae.
There really are none for Macs compared to like a really hugemongeously large number for PCs. "Those Who Know" claim the OS is more secure. Take that claim for what it is worth. One thing that is certain is you, as a user, have to personally allow anything to run on your computer.
Unless . . . you are an idiot, set no passwords, and try to overrun the warnings that "this is the first time you have run this." In fact, researching this reply, I found yet another "trojan finder/malware stopper" program--for purchase of course--which the reviews all reminded that, "hey, the Mac OS already does that!"
BUT the First . . .
There are security updates for threats. This is what I asked about--particularly javascript. Now, what does that mean? I looked over it over the past few months as I read sites like this one and others on security. Mac does patch these, but what does it mean?
I have no fucking clue! I looked it up--in this argument when the PC-Lover claimed Macs have "more t3h thr34ts lolz!11!"--and the data actually shows otherwise. No "Highly Critical" threats.
So, discussing this privately with some people--including a member HERE--I decided to try blocking javascript. While my computer understanding which believes his OS update replaces the 9nome inside the plastic box with cuter and faster piXies does not really understand what happens, apparently the threat exists. Apparently, even the Storm involved Macs?
So why take the chance? I wanted to make sure the "No Script" would work for FF on a Mac.
It does.
The nice thing is it blocks a lot of adcrap that you individually have to block with Adblock--another great resource. You can also set it to allow it by default on pages like this one. Another thing it blocks is third-party cookies and the like. Saves time having to deny each one as I do on my FF.
Does that make my Mac "more t3h s3cur3?"
No bloody idea, but I like the concept!
It does not seem to slow things down. I have an Old Widdle Mac, and if you have a more modern version, I doubt you would notice it.
BUT Part the Seconde:
Despite my searches, there really is not a large or even existent malware or spyware threat. About six months ago, I searched for it--fearing "t3h spy/malware" spewing evil from my Widdle Mac. There is a "search program," but--long story not-so-short--it does not actually find anything but tracking cookies--something that affects both Macs and PCs and you can set to refuse with your browser. You can also clear them.
One reviewer noted that the only keylogging, "spyware" it finds are those you download yourself to track things--like your kids. It may be a useful program for a shared computer. Otherwise, you are merely trying to remove something you purposely added to your computer!
One of the "malware/adware" programs created purposefully for a Mac as part of a challenge requires you to go through all of the "hoops" to work--you have to choose to download it, you have to choose to open it, you have to choose to load it, et cetera. Well . . . that hardly counts! To my most recent knowledge there has not been a true "malware/spyware"--unless you count a tracking cookie.
Virae? Few and far between. It is better than about a year ago when in the same debate a PC Lover found a Mac virus . . . for System 6!!! Developed years after it was obsolete, apparently.
So Macs win again!
BUT Parte the Third:
This is critical: while the virus, malware, whatever may not affect your Mac--you can pass it to a friend. This I did not know. This is the reason I now have a very good free virus scan--ClamXav. I do not "open" things in e-mails, but I like to be careful.
The other critical thing is that many Mac users run "virtual PC" programs like "Bootcamp." I do not use this since I do not need to. However, apparently many do. When you do this, you make that part of your Mac vulnerable to PC viruses, and the like. This is something Mac users often do not understand to quote the Gurus.
So . . . I, myself, do not know if the Macs involved in Storm were such Macs. I defer to those with better understanding [Just about everyone.--Ed.]
--J.D. |
|
|
|
Frozboz
AT-AT Squad Leader
Joined: 24 May 2006
Posts: 926
Location: West Dakota
|
Posted:
Fri Jan 04, 2008 3:39 am |
|
Are you a Patriots fan, Dr X? If so, that would explain that wall of text quite a bit...
(go Colts!) |
_________________ "he is fraud just like me so dont send him any money" - manking king
"this people are not human; they are some kind of ill mornitored robots covered with human flesh and they kill for the slightest and most unimportant reasons." - Kabie Elvire
x2
Wooden Trophies: Stormtrooper Helmet - AT-AT #1 - AT-ATs #3, #4 & #5
Brass Trophy: AT-AT #2
x3 |
|
|
|
|
|
|
|