Loading ...
Sorry, an error occurred while loading the content.

MODERATOR NOTICE -- New phishing and malware rampant on other lists

Expand Messages
  • Justinos Tekton called Justin
    Good morning, all I am very sorry to violate my own rule that virus warnings are off-topic for this list. The rule remains in place, but this is an unusual
    Message 1 of 2 , Apr 13, 2010
    • 0 Attachment
      Good morning, all

      I am very sorry to violate my own rule that virus warnings are off-topic
      for this list. The rule remains in place, but this is an unusual
      circumstance, and I felt a temporary waiver was in order.

      A lot of email lists right now are being bombarded with some new spam
      links, including one that points at a false web site that pretends to be
      Yahoo's login page.

      The site is a "phishing" site, attempting to get you to mindlessly enter
      your username and password. The owners of the site then capture your
      Yahoo credentials and use them to login to your Yahoo account and send
      spam links everywhere, from your email account and in your name. Not
      only that, but there is a strong probability these people would take
      your login name and password to other major sites such as Facebook,
      Twitter, and even the major banks. They would be betting you might use
      the same login/password on multiple sites for convenience.
      Unfortunately, for many novice computer users, their bet would pay off.
      This puts your reputation and possibly even your bank account at risk.

      The problem with this kind of attack is that as list administrator I
      can't stop it from propagating. The virus itself is not sent through the
      list. Rather, a clickable link --- which the list views as perfectly
      valid message content --- is sent. By the time I see it, it's already
      been distributed. To stop this attack depends on YOU, the list readers,
      to be EXTREMELY careful about what links you click from this list and
      from others.

      Here are some brief guidelines:

      * Be careful of the domain in the link. Many of these phishing links
      have domains ending in ".cc" or ".cn" or ".ru" or other two-letter
      country codes.

      * It is trivial for someone to redirect you from a ".com" or ".org"
      domain to something in a more suspicious domain. Be particularly
      careful of URLs that point to "tinyurl" or other forwarding
      services. TinyURL is *legitimate* and not in itself suspect, but
      they can't control what their users do with their service. I'm
      *not* saying to avoid TinyURL -- use it freely, but after it
      redirects you elsewhere, LOOK CAREFULLY at the destination URL in
      your browser address line before you do anything on the site.

      * The first iteration of the phishing message that I saw had a link
      with no explanatory text. If you are posting a link to this list,
      please explain the link so people know it's legitimate. If you are
      reading the list, don't click any link that doesn't have a real
      explanation of what it is. "Some cool photos" or other terse
      phrases are easily generated randomly by spambots, so they do
      not count as an "explanation". However, "Here are some photos
      that I took at the Newcomers' Masqued Ball event in the Kingdom
      of Dragoncat" is clearly SCA-specific and unlikely to be created
      by a spambot. In other words, read carefully before you click.

      * If you run Windows, update your antivirus software and run the new
      version. Preferably, get something that can be booted from a CDROM,
      and take the time to run that.

      * Don't get "socially engineered". If someone contacts you and says
      they are the system administrator and they need your password to
      do something on the server, they are probably lying. Trust me on
      this one...I really *am* a system administrator, and on the
      servers I administer I don't need the users' passwords to do my
      job. I have a master password that lets me do that. Real system
      administrators at banks and Yahoo and so on have the same access,
      so they don't need your password either. Banks don't just "lose"
      your data and "need your help" to get it back. They won't notify
      you by email of problems with your account, precisely *because*
      of the threat of identity theft.

      * Don't install cute desktop widgets or browser extension modules
      from untrusted sources. A fair number of these (notably "Comet
      Cursor" from a few years ago) are actually spyware or other
      malicious software disguised as a friendly little helpful app.

      Again, I'm very sorry to have to violate my own policies and post
      something to this list that is normally badly off-topic. This list,
      however, has several thousand subscribers, and it's a miracle we haven't
      been hit yet with the epidemic that I'm seeing on other lists. It is my
      hope that by posting this warning here, we can avert the problem before
      it starts.

      Bottom line: Be careful out there.

      Thanks for listening, and I now return you to the fun of the Current
      Middle Ages.

      Kind regards,

      Justin
      List Administrator

      --
      ()xxxx[]::::::::::::::::::> <::::::::::::::::::[]xxxx()
      Maistor Justinos Tekton called Justin (Scott Courtney)
      Gules, on a bezant a fleam sable and on a chief dovetailed Or two keys
      fesswise reversed sable.

      justin@... http://4th.com/sca/justin/
    • Finnseach de Locheil/Judith Winner
      The biggest clue that a message contains spam is, if there is no explanatory text with the link. Generally speaking,if someone I know has sent me a link to a
      Message 2 of 2 , May 6, 2010
      • 0 Attachment
        The biggest clue that a message contains spam is, if there is no explanatory
        text with the link. Generally speaking,if someone I know has sent me a link to a
        site but doesn't tell me about it, I contact the person to let them know their
        email account has been compromised...

        Finche/Finnseach
        Dernehealde, Midrealm

        --
        "I'm buying this fleece/fiber now in case I have an emergency... you know,
        sickness, flood, injury, mosquito infestations, not enough chocolate in the
        house, it's Tuesday, I need it for my research project..." ;)
      Your message has been successfully submitted and would be delivered to recipients shortly.