MODERATOR NOTICE -- New phishing and malware rampant on other lists
- Good morning, all

I am very sorry to violate my own rule that virus warnings are off-topic
for this list. The rule remains in place, but this is an unusual
circumstance, and I felt a temporary waiver was in order.

A lot of email lists right now are being bombarded with some new spam
links, including one that points at a false web site that pretends to be
Yahoo's login page.

The site is a "phishing" site, attempting to get you to mindlessly enter
your username and password. The owners of the site then capture your
Yahoo credentials and use them to log in to your Yahoo account and send
spam links everywhere, from your email account and in your name. Not
only that, but there is a strong probability these people would take
your login name and password to other major sites such as Facebook,
Twitter, and even the major banks. They would be betting you might use
the same login/password on multiple sites for convenience.
Unfortunately, for many novice computer users, their bet would pay off.
This puts your reputation and possibly even your bank account at risk.

The problem with this kind of attack is that as list administrator I
can't stop it from propagating. The virus itself is not sent through the
list. Rather, a clickable link --- which the list views as perfectly
valid message content --- is sent. By the time I see it, it's already
been distributed. To stop this attack depends on YOU, the list readers,
to be EXTREMELY careful about what links you click from this list and

Here are some brief guidelines:
* Be careful of the domain in the link. Many of these phishing links
have domains ending in ".cc" or ".cn" or ".ru" or other two-letter
* It is trivial for someone to redirect you from a ".com" or ".org"
domain to something in a more suspicious domain. Be particularly
careful of URLs that point to "tinyurl" or other forwarding
services. TinyURL is *legitimate* and not in itself suspect, but
they can't control what their users do with their service. I'm
*not* saying to avoid TinyURL -- use it freely, but after it
redirects you elsewhere, LOOK CAREFULLY at the destination URL in
your browser address line before you do anything on the site.
* The first iteration of the phishing message that I saw had a link
with no explanatory text. If you are posting a link to this list,
please explain the link so people know it's legitimate. If you are
reading the list, don't click any link that doesn't have a real
explanation of what it is. "Some cool photos" or other terse
phrases are easily generated randomly by spambots, so they do
not count as an "explanation". However, "Here are some photos
that I took at the Newcomers' Masqued Ball event in the Kingdom
of Dragoncat" is clearly SCA-specific and unlikely to be created
by a spambot. In other words, read carefully before you click.
* If you run Windows, update your antivirus software and run the new
version. Preferably, get something that can be booted from a CDROM,
and take the time to run that.
* Don't get "socially engineered". If someone contacts you and says
they are the system administrator and they need your password to
do something on the server, they are probably lying. Trust me on
this one...I really *am* a system administrator, and on the
servers I administer I don't need the users' passwords to do my
job. I have a master password that lets me do that. Real system
administrators at banks and Yahoo and so on have the same access,
so they don't need your password either. Banks don't just "lose"
your data and "need your help" to get it back. They won't notify
you by email of problems with your account, precisely *because*
of the threat of identity theft.
* Don't install cute desktop widgets or browser extension modules
from untrusted sources. A fair number of these (notably "Comet
Cursor" from a few years ago) are actually spyware or other
malicious software disguised as a friendly little helpful app.

Again, I'm very sorry to have to violate my own policies and post
something to this list that is normally badly off-topic. This list,
however, has several thousand subscribers, and it's a miracle we haven't
been hit yet with the epidemic that I'm seeing on other lists. It is my
hope that by posting this warning here, we can avert the problem before

Bottom line: Be careful out there.

Thanks for listening, and I now return you to the fun of the Current

Maistor Justinos Tekton called Justin (Scott Courtney)
Gules, on a bezant a fleam sable and on a chief dovetailed Or two keys
fesswise reversed sable.

- The biggest clue that a message contains spam is if there is no explanatory
text with the link. Generally speaking, if someone I know has sent me a link to a
site but doesn't tell me about it, I contact the person to let them know their
email account has been compromised...

"I'm buying this fleece/fiber now in case I have an emergency... you know,
sickness, flood, injury, mosquito infestations, not enough chocolate in the
house, it's Tuesday, I need it for my research project..." ;)
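
The link checks from the guidelines above (two-letter domains such as ".cc", ".cn" and ".ru", forwarding services, a Yahoo look-alike host, and a link posted with no real explanation) can be run over a message body before anyone clicks. This is an added example, not part of the original messages or of any list software. The word-count threshold, the brand table and all sample hostnames are constructed assumptions, and word count is only a crude proxy, since the post itself notes that terse phrases are easy for spambots to generate.

```python
import re
from urllib.parse import urlsplit

# Only the three TLDs, "tinyurl" and Yahoo come from the post; the threshold,
# the brand table and every sample hostname below are constructed assumptions.
WATCH_TLDS = {"cc", "cn", "ru"}
FORWARDERS = {"tinyurl.com"}
BRANDS = {"yahoo": "yahoo.com"}   # brand keyword -> domain it should live under
MIN_CONTEXT_WORDS = 8             # crude stand-in for "a real explanation"

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def link_flags(url):
    """Checks that look only at the URL itself."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    flags = []
    if host.rsplit(".", 1)[-1] in WATCH_TLDS:
        flags.append("watch-tld")
    if any(under(host, f) for f in FORWARDERS):
        flags.append("forwarder")          # legitimate, but destination unknown
    if any(b in host and not under(host, d) for b, d in BRANDS.items()):
        flags.append("brand-lookalike")    # "yahoo" in a host outside yahoo.com
    return flags

def triage(body):
    """Return {url: [flags]} for each link in a plain-text message body."""
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(body)]
    terse = len(URL_RE.sub(" ", body).split()) < MIN_CONTEXT_WORDS
    return {u: link_flags(u) + (["no-explanation"] if terse else []) for u in urls}

def needs_review(body):
    """True if any link in the message carries at least one flag."""
    return any(triage(body).values())

# Constructed sample messages.
BARE = "Some cool photos http://mail-yahoo-login.constructed-sample.cc/album"
EXPLAINED = ("Here are some photos that I took at the Newcomers' Masqued Ball "
             "event in the Kingdom of Dragoncat: "
             "https://photos.constructed-sample.org/ball")
SHORTENED = ("Minutes from last night's meeting of the shire officers, as "
             "promised: http://tinyurl.com/constructed-sample")

if __name__ == "__main__":
    for msg in (BARE, EXPLAINED, SHORTENED):
        print(needs_review(msg), triage(msg))
```

A "forwarder" flag on its own means only that the destination still has to be checked after the redirect, in line with the post's point that TinyURL itself is legitimate.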