Common Sense / Account Security

♦ Praetorian · 11/08/07, 8:40 AM

I assume every reader of these boards knows better than this, but if you get a PM from someone you don't know asking you to visit a link under some pretense, don't click on the link. Do report the person sending said PMs to me or another mod, however.

♦ Praetorian · 11/08/07, 8:46 AM

In particular, today, the following PM was sent by a spambot:

Sorry to msg you out of the blue. Here's the thing.

I wrote a book together with a friend. My boyfriend keeps saying it's no good. I think he's just jealous tho. He's a big time poster here, so I told him I'm going to pick a random person here, and ask them, and we ended up betting on it.

So go to <URL REMOVED> and call it either way. Good or no good.

Thanks.

Obviously do not click on this link. The user in question ("EliteGrrl") has been banned and IP banned already, so we know about this. But please do inform us if any other such PMs appear.

Sanderu · 11/08/07, 8:48 AM

Thanks for the warning, I just received this PM but saw the banned tag under the user name so I went to check the forums first

♦ Praetorian · 11/08/07, 8:52 AM

Pretty poor job of social engineering, IMO.

A proper attempt would've said something like "Hey sorry to message you out of the blue, but I have a theorycraft spreadsheet I wanted to post but I don't want to embarrass myself as I'm new here, and I was wondering if you could take a look at it ( <URL> ) for a second to make sure it's mostly accurate."

I'm not going to lie, I haven't had my coffee yet this morning and I might've actually clicked that.

vorda · 11/08/07, 8:54 AM

I'm not going to lie, I haven't had my coffee yet this morning and I might've actually clicked that.

So would I probably. Which brings me to this interesting question:
How many of these keyloggers can be stopped by a good functioning updated Antivirus? I obviously havent ever clicked one of those links, so I wouldnt know what my AV (Avira Antivir) would do, but maybe someone here has experience with it?

♦ Praetorian · 11/08/07, 8:59 AM

I have not clicked the link myself to confirm, because I'm not that brave/stupid, but the best thing you can do is to browse with Firefox + the addon NoScript, which prevents the automatic execution of any imbedded scripting unless you authorize the specific site. I'm not going to go so far as to say this makes you 100% immune to keyloggers (certainly not if you are manually downloading and running executables) but it's a major step. And of course keep your AV definitions updated and be especially cautious if you realize you've clicked on a link that may be malicious.

Evy · 11/08/07, 9:14 AM

NoScript will indeed usually keep keyloggers from working on Firefox. It saved my ass once on a WoW forums link I clicked on absentmindedly. However, I wouldn't really want to risk it on a known malicious link. It's sort of like messing with Biohazard waste just because you have gloves. Even though NoScript gets updated all the time, I wouldn't put 100% faith in it.

I found the background story behind that PM to be pretty amusing. Some chick has a disagreement with her boyfriend and you, the EJ reader, must restore her confidence in herself! It's almost as believable as the "most sex girl ever" posts that seem to pop up on the general forums every now and then.

Opioid · 11/08/07, 9:24 AM

Originally Posted by Evy

I found the background story behind that PM to be pretty amusing. Some chick has a disagreement with her boyfriend and you, the EJ reader, must restore her confidence in herself! It's almost as believable as the "most sex girl ever" posts that seem to pop up on the general forums every now and then.

Let it be known that henceforth WoW players are now the supreme arbiters of literature and that we can no longer give our opinions on such matters without severe deliberation, because great responsibility comes with this great power.

zirky · 11/08/07, 9:32 AM

Man, I actually felt special that I had been chosen to resolve a literary conflict between to lovers.

Then someone in the office mentioned they brought in cake today, narrowly saving me from putting my account at risk.

Sapa · 11/08/07, 9:34 AM

Link is safe by the way for those clicking it and just now seeing that it could be trojan / keyloger / hijacker. (got it for 2x time myself and was reported by numerous clients).
First time it came from Source Forge pms.

Apparently "someone" is spamming same MSG over half of internet. Link indeed links on book.

Quote: "Don't read IT if you want to have some hair left while you are banning this".

Enova · 11/08/07, 12:05 PM

This is what we get for having links to the EJ forums on the Official WOW forums

Now seriously, if anyone does fall for this kind of trick, well, he's likely not going to have security software in the first place...

Evy · 11/08/07, 12:35 PM

Originally Posted by Opioid

Let it be known that henceforth WoW players are now the supreme arbiters of literature and that we can no longer give our opinions on such matters without severe deliberation, because great responsibility comes with this great power.

Analyzing what you read/see/hear/etc is just a product of being a rational person, not the product of reading a critical forum, playing a specific game, or otherwise being a smug bastard.

Vectivus · 11/08/07, 12:42 PM

Originally Posted by Evy

Analyzing what you read/see/hear/etc is just a product of being a rational person, not the product of reading a critical forum, playing a specific game, or otherwise being a smug bastard.

Ah, but we're not just smug bastards - we're Elitist Jerks.

I have this vision in my head of you holding a butterfly in your hand named, 'Enjoyment of Life', then crushing the life out of that butterfly. You know, when you get the dust-stuff off their wings all over your hand? Yeah, that would be the souls of the thousands of innocent and harmless jokes you just murdered.

Balkoth · 11/08/07, 1:48 PM

The only "issue" I had with this is that the contents of any PM are forwarded to my email address as well, so I almost clicked on it early this morning before realizing it might be malicious content. When I checked the EJ site, I could clearly tell, but...

Bottom line, check the EJ site for bannings if you get a weird PM through email.

Krathis · 11/08/07, 2:33 PM

Originally Posted by Balkoth

The only "issue" I had with this is that the contents of any PM are forwarded to my email address as well, so I almost clicked on it early this morning before realizing it might be malicious content. When I checked the EJ site, I could clearly tell, but...

Bottom line, check the EJ site for bannings if you get a weird PM through email.

Yeah, I actually checked my email first and got my self in trouble over it. I used to have dreams of being an author so figured what the hell, I can at least take a glance at it.

Anyway, to whoever said that that the site's not malicious, it is. I just spent the last hour cleaning every file created today off my pc and changing all my passwords after one of those you have blah blah spyware screens popped up (you know the ones that are almost always directing you to download more spyware).

Kelfar · 11/08/07, 3:16 PM

I just got this PM and saw banned under their name so I had to check here first.

Psi · 11/08/07, 3:35 PM

Originally Posted by Krathis

Yeah, I actually checked my email first and got my self in trouble over it. I used to have dreams of being an author so figured what the hell, I can at least take a glance at it.

Anyway, to whoever said that that the site's not malicious, it is. I just spent the last hour cleaning every file created today off my pc and changing all my passwords after one of those you have blah blah spyware screens popped up (you know the ones that are almost always directing you to download more spyware).

I was asleep at the wheel at this one.
Doing a full scan right now, didn't detect anything after clicking on the link.

What specifically did you notice it put on your machine?

Thankfully I'm on a work machine that's fairly heavily secured against things like this (dealing with phishing sites daily tends to implant a lot of crap).

I didn't have NoScripts enabled here, but I was running firefox.

*crosses fingers*

Doing a full scan right now with Windows Defender, seeing if that may catch anything (I assume this is a slightly older attack so it should have the info?)

♦ Praetorian · 11/08/07, 3:40 PM

A bunch of people (including security professionals) checked the source of the site in question and found nothing malicious (no iframes, no scripting except a google tracker, etc.). I think you're fine.

tsigo · 11/08/07, 3:49 PM

Nevermind!

TheSilverHand · 11/08/07, 4:14 PM

Originally Posted by Praetorian

Do report the person sending said PMs to me or another mod, however.

How do we go about doing this? Not that I magically have another message to report, but looking over the interface of the PM system, I don't see a big, fat "REPORT ME" button like I can see in the forum itself.

I see options from marking the message as "Unread" to downloading it as CSV, but nowhere do I see Report. Is that because the account in question is already banned? If that is the case, then, if the user was NOT banned yet, I would see a black button that says "Report Post" (next to the icon that says if the user is online or not), correct?

diospadre · 11/08/07, 4:18 PM

You could just send a pm to gurg or boe or someone.

Stryn · 11/08/07, 4:23 PM

Upon checking my email this morning, I received the same PM through three other forums that I haven't visited in years.

None from EJ though, I feel left out.

Krathis · 11/08/07, 4:55 PM

Originally Posted by Psi

I was asleep at the wheel at this one.
Doing a full scan right now, didn't detect anything after clicking on the link.

What specifically did you notice it put on your machine?

Thankfully I'm on a work machine that's fairly heavily secured against things like this (dealing with phishing sites daily tends to implant a lot of crap).

I didn't have NoScripts enabled here, but I was running firefox.

*crosses fingers*

Doing a full scan right now with Windows Defender, seeing if that may catch anything (I assume this is a slightly older attack so it should have the info?)

Well I had a bunch of weird files on it this morning and got that spyware pop up I mentioned which managed to by pass my firewall somehow. Then again, if Praetorian is saying it's fine, then it must have been something my mom did before I got on here (which could explain how it got around my firewall).

Drunkmunky · 11/08/07, 5:50 PM

I was at work so the big bad filter picked it up and wouldn't let me see the page

I don't even run antivirus or a software firewall at home because they tick me off too much, havn't had a problem with viruses that I couldn't clean myself since high school =\

crimsonsentinel · 11/08/07, 7:33 PM

It's times like this I'm glad I use linux at home.

I am now dieing to read this book now though.