Elitist Jerks
Register
Blogs
Forums


Go Back   Elitist Jerks » Public Discussion

Reply
 
LinkBack Thread Tools
Old 11/08/07, 8:40 AM   #1
♦ Praetorian
Mike Tyson
 
Praetorian's Avatar
 
Orc Shaman
 
Mal'Ganis
Common Sense / Account Security

I assume every reader of these boards knows better than this, but if you get a PM from someone you don't know asking you to visit a link under some pretense, don't click on the link. Do report the person sending said PMs to me or another mod, however.

Offline
Reply With Quote
Old 11/08/07, 8:46 AM   #2
♦ Praetorian
Mike Tyson
 
Praetorian's Avatar
 
Orc Shaman
 
Mal'Ganis
In particular, today, the following PM was sent by a spambot:
Sorry to msg you out of the blue. Here's the thing.

I wrote a book together with a friend. My boyfriend keeps saying it's no good. I think he's just jealous tho. He's a big time poster here, so I told him I'm going to pick a random person here, and ask them, and we ended up betting on it.

So go to <URL REMOVED> and call it either way. Good or no good.

Thanks.
Obviously do not click on this link. The user in question ("EliteGrrl") has been banned and IP banned already, so we know about this. But please do inform us if any other such PMs appear.

Offline
Reply With Quote
Old 11/08/07, 8:48 AM   #3
Sanderu
Von Kaiser
 
Draenei Shaman
 
Executus (EU)
Thanks for the warning, I just received this PM but saw the banned tag under the user name so I went to check the forums first

Offline
Reply With Quote
Old 11/08/07, 8:52 AM   #4
♦ Praetorian
Mike Tyson
 
Praetorian's Avatar
 
Orc Shaman
 
Mal'Ganis
Pretty poor job of social engineering, IMO.

A proper attempt would've said something like "Hey sorry to message you out of the blue, but I have a theorycraft spreadsheet I wanted to post but I don't want to embarrass myself as I'm new here, and I was wondering if you could take a look at it ( <URL> ) for a second to make sure it's mostly accurate."

I'm not going to lie, I haven't had my coffee yet this morning and I might've actually clicked that.

Offline
Reply With Quote
Old 11/08/07, 8:54 AM   #5
vorda
Bald Bull
 
vorda's Avatar
 
Blood Elf Paladin
 
Jaedenar (EU)
I'm not going to lie, I haven't had my coffee yet this morning and I might've actually clicked that.
So would I probably. Which brings me to this interesting question:
How many of these keyloggers can be stopped by a good functioning updated Antivirus? I obviously havent ever clicked one of those links, so I wouldnt know what my AV (Avira Antivir) would do, but maybe someone here has experience with it?

Offline
Reply With Quote
Old 11/08/07, 8:59 AM   #6
♦ Praetorian
Mike Tyson
 
Praetorian's Avatar
 
Orc Shaman
 
Mal'Ganis
I have not clicked the link myself to confirm, because I'm not that brave/stupid, but the best thing you can do is to browse with Firefox + the addon NoScript, which prevents the automatic execution of any imbedded scripting unless you authorize the specific site. I'm not going to go so far as to say this makes you 100% immune to keyloggers (certainly not if you are manually downloading and running executables) but it's a major step. And of course keep your AV definitions updated and be especially cautious if you realize you've clicked on a link that may be malicious.

Offline
Reply With Quote
Old 11/08/07, 9:14 AM   #7
Evy
Von Kaiser
 
Evy's Avatar
 
Night Elf Rogue
 
Malfurion
NoScript will indeed usually keep keyloggers from working on Firefox. It saved my ass once on a WoW forums link I clicked on absentmindedly. However, I wouldn't really want to risk it on a known malicious link. It's sort of like messing with Biohazard waste just because you have gloves. Even though NoScript gets updated all the time, I wouldn't put 100% faith in it.

I found the background story behind that PM to be pretty amusing. Some chick has a disagreement with her boyfriend and you, the EJ reader, must restore her confidence in herself! It's almost as believable as the "most sex girl ever" posts that seem to pop up on the general forums every now and then.

Offline
Reply With Quote
Old 11/08/07, 9:24 AM   #8
Opioid
Don Flamenco
 
Blood Elf Warlock
 
Kil'Jaeden
Originally Posted by Evy View Post
I found the background story behind that PM to be pretty amusing. Some chick has a disagreement with her boyfriend and you, the EJ reader, must restore her confidence in herself! It's almost as believable as the "most sex girl ever" posts that seem to pop up on the general forums every now and then.
Let it be known that henceforth WoW players are now the supreme arbiters of literature and that we can no longer give our opinions on such matters without severe deliberation, because great responsibility comes with this great power.

Offline
Reply With Quote
Old 11/08/07, 9:32 AM   #9
zirky
Piston Honda
 
Orc Death Knight
 
Kargath
Man, I actually felt special that I had been chosen to resolve a literary conflict between to lovers.

Then someone in the office mentioned they brought in cake today, narrowly saving me from putting my account at risk.

Offline
Reply With Quote
Old 11/08/07, 9:34 AM   #10
Sapa
Piston Honda
 
Troll Hunter
 
Mazrigos (EU)
Link is safe by the way for those clicking it and just now seeing that it could be trojan / keyloger / hijacker. (got it for 2x time myself and was reported by numerous clients).
First time it came from Source Forge pms.

Apparently "someone" is spamming same MSG over half of internet. Link indeed links on book.

Quote: "Don't read IT if you want to have some hair left while you are banning this".


Offline
Reply With Quote
Old 11/08/07, 12:05 PM   #11
Enova
Great Tiger
 
Enova's Avatar
 
Night Elf Hunter
 
Moonglade (EU)
This is what we get for having links to the EJ forums on the Official WOW forums

Now seriously, if anyone does fall for this kind of trick, well, he's likely not going to have security software in the first place...

Originally Posted by XI- View Post
In summary, TBC raiding is easy. 9/10 encounters can be summarized with 1 phrase. Stay out of the fucking fire. If this is too difficult BWL was still there last I checked, so go have at it for some practice.
Originally Posted by Kaubel View Post
You people are idiots
Guilty as charged ^

Offline
Reply With Quote
Old 11/08/07, 12:35 PM   #12
Evy
Von Kaiser
 
Evy's Avatar
 
Night Elf Rogue
 
Malfurion
Originally Posted by Opioid View Post
Let it be known that henceforth WoW players are now the supreme arbiters of literature and that we can no longer give our opinions on such matters without severe deliberation, because great responsibility comes with this great power.
Analyzing what you read/see/hear/etc is just a product of being a rational person, not the product of reading a critical forum, playing a specific game, or otherwise being a smug bastard.

Offline
Reply With Quote
Old 11/08/07, 12:42 PM   #13
Vectivus
foreign contaminant
 
Vectivus's Avatar
 
Draenei Death Knight
 
Korgath
Originally Posted by Evy View Post
Analyzing what you read/see/hear/etc is just a product of being a rational person, not the product of reading a critical forum, playing a specific game, or otherwise being a smug bastard.
Ah, but we're not just smug bastards - we're Elitist Jerks.

I have this vision in my head of you holding a butterfly in your hand named, 'Enjoyment of Life', then crushing the life out of that butterfly. You know, when you get the dust-stuff off their wings all over your hand? Yeah, that would be the souls of the thousands of innocent and harmless jokes you just murdered.

Originally Posted by Betsy View Post
SHOULDA SUCKED DAT DICK!

Canada Offline
Reply With Quote
Old 11/08/07, 1:48 PM   #14
Balkoth
Piston Honda
 
Human Priest
 
Greymane
The only "issue" I had with this is that the contents of any PM are forwarded to my email address as well, so I almost clicked on it early this morning before realizing it might be malicious content. When I checked the EJ site, I could clearly tell, but...

Bottom line, check the EJ site for bannings if you get a weird PM through email.

Offline
Reply With Quote
Old 11/08/07, 2:33 PM   #15
Krathis
Von Kaiser
 
Krathis's Avatar
 
Undead Warlock
 
Cenarion Circle
Originally Posted by Balkoth View Post
The only "issue" I had with this is that the contents of any PM are forwarded to my email address as well, so I almost clicked on it early this morning before realizing it might be malicious content. When I checked the EJ site, I could clearly tell, but...

Bottom line, check the EJ site for bannings if you get a weird PM through email.
Yeah, I actually checked my email first and got my self in trouble over it. I used to have dreams of being an author so figured what the hell, I can at least take a glance at it.

Anyway, to whoever said that that the site's not malicious, it is. I just spent the last hour cleaning every file created today off my pc and changing all my passwords after one of those you have blah blah spyware screens popped up (you know the ones that are almost always directing you to download more spyware).

Offline
Reply With Quote
Old 11/08/07, 3:16 PM   #16
Kelfar
Piston Honda
 
Kelfar's Avatar
 
Blood Elf Mage
 
Bronzebeard
I just got this PM and saw banned under their name so I had to check here first.

Offline
Reply With Quote
Old 11/08/07, 3:35 PM   #17
Psi
Glass Joe
 
Tauren Druid
 
Mal'Ganis
Originally Posted by Krathis View Post
Yeah, I actually checked my email first and got my self in trouble over it. I used to have dreams of being an author so figured what the hell, I can at least take a glance at it.

Anyway, to whoever said that that the site's not malicious, it is. I just spent the last hour cleaning every file created today off my pc and changing all my passwords after one of those you have blah blah spyware screens popped up (you know the ones that are almost always directing you to download more spyware).
I was asleep at the wheel at this one.
Doing a full scan right now, didn't detect anything after clicking on the link.

What specifically did you notice it put on your machine?

Thankfully I'm on a work machine that's fairly heavily secured against things like this (dealing with phishing sites daily tends to implant a lot of crap).

I didn't have NoScripts enabled here, but I was running firefox.

*crosses fingers*

Doing a full scan right now with Windows Defender, seeing if that may catch anything (I assume this is a slightly older attack so it should have the info?)

Offline
Reply With Quote
Old 11/08/07, 3:40 PM   #18
♦ Praetorian
Mike Tyson
 
Praetorian's Avatar
 
Orc Shaman
 
Mal'Ganis
A bunch of people (including security professionals) checked the source of the site in question and found nothing malicious (no iframes, no scripting except a google tracker, etc.). I think you're fine.

Offline
Reply With Quote
Old 11/08/07, 3:49 PM   #19
tsigo
Don Flamenco
 
tsigo's Avatar
 
Tsigo
Undead Priest
 
No WoW Account
Nevermind!

Last edited by tsigo : 11/09/07 at 5:25 AM. Reason: Ba-leted

Offline
Reply With Quote
Old 11/08/07, 4:14 PM   #20
TheSilverHand
Von Kaiser
 
TheSilverHand's Avatar
 
Draenei Shaman
 
Gilneas
Originally Posted by Praetorian View Post
Do report the person sending said PMs to me or another mod, however.
How do we go about doing this? Not that I magically have another message to report, but looking over the interface of the PM system, I don't see a big, fat "REPORT ME" button like I can see in the forum itself.

I see options from marking the message as "Unread" to downloading it as CSV, but nowhere do I see Report. Is that because the account in question is already banned? If that is the case, then, if the user was NOT banned yet, I would see a black button that says "Report Post" (next to the icon that says if the user is online or not), correct?

Offline
Reply With Quote
Old 11/08/07, 4:18 PM   #21
diospadre
Hero of the Horde
 
diospadre's Avatar
 
Undead Warrior
 
Mal'Ganis
You could just send a pm to gurg or boe or someone.

United States Offline
Reply With Quote
Old 11/08/07, 4:23 PM   #22
Stryn
Piston Honda
 
Stryn's Avatar
 
Orc Death Knight
 
Maelstrom
Upon checking my email this morning, I received the same PM through three other forums that I haven't visited in years.

None from EJ though, I feel left out.

Offline
Reply With Quote
Old 11/08/07, 4:55 PM   #23
Krathis
Von Kaiser
 
Krathis's Avatar
 
Undead Warlock
 
Cenarion Circle
Originally Posted by Psi View Post
I was asleep at the wheel at this one.
Doing a full scan right now, didn't detect anything after clicking on the link.

What specifically did you notice it put on your machine?

Thankfully I'm on a work machine that's fairly heavily secured against things like this (dealing with phishing sites daily tends to implant a lot of crap).

I didn't have NoScripts enabled here, but I was running firefox.

*crosses fingers*

Doing a full scan right now with Windows Defender, seeing if that may catch anything (I assume this is a slightly older attack so it should have the info?)
Well I had a bunch of weird files on it this morning and got that spyware pop up I mentioned which managed to by pass my firewall somehow. Then again, if Praetorian is saying it's fine, then it must have been something my mom did before I got on here (which could explain how it got around my firewall).

Offline
Reply With Quote
Old 11/08/07, 5:50 PM   #24
Drunkmunky
Von Kaiser
 
Drunkmunky's Avatar
 
Undead Warlock
 
Jubei'Thos
I was at work so the big bad filter picked it up and wouldn't let me see the page I don't even run antivirus or a software firewall at home because they tick me off too much, havn't had a problem with viruses that I couldn't clean myself since high school =\

Offline
Reply With Quote
Old 11/08/07, 7:33 PM   #25
crimsonsentinel
Bald Bull
 
crimsonsentinel's Avatar
 
Blood Elf Paladin
 
Mal'Ganis
It's times like this I'm glad I use linux at home.

I am now dieing to read this book now though.

United States Offline
Reply With Quote
Reply

Go Back   Elitist Jerks » Public Discussion

Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
Wowadmin woes, is this common? sickening Public Discussion 2 05/21/07 3:09 PM
Does it make sense to use Blade Flurry on bosses? Jo Public Discussion 15 09/26/06 8:41 AM
Does it make sense to use Blade Flurry on bosses? Jo Public Discussion 3 09/25/06 7:37 PM