|
Dirty-South Blues Harp forum: wail on! >
Attention admins....
Attention admins....
Page:
1
isaacullah
779 posts
Mar 02, 2010
6:59 PM
|
Just a little word of warning: Another forum I frequent (www.ssguitar.com) was recently hijacked by malicious software. It not only took over the board, but it gave many of the members (including me) malware infections. For most it was mostly innocuous; the malware was a trojan horse that pretended to be your antivirus giving you alert messages, and then asking for you credit card info to "upgrade for full virus protection". The infection started as a drastic increase in SPAM, and then became so full-fledged that Google flagged the board as being "a potential threat to your computer", and redirected you away from the site for a few days until the admins had cleared the virus and Google had updated it's cache.
Given the recent increase in SPAM here on this board, I will attach some info posted by the admins of the ssguitar forum that details the particulars of the virus/malware attack, so that the admins here can be ready to deal with it if it occurs/is also occurring here.
______________________________________
Hi Misteriphys, thanks for reporting.
We are suffering a virus attack for about a month or so.
Members are *strongly* encouraged not to click any suspicious "new" link.
Red flags/danger signs:
*New, previously unknown member (sorry new members, make yourselves known a little, avoid links on your *first* post , ask whatever you want and get invited to link schematics or whatever)
* Posts something irrelevant , such as "my cellphone now works better because ...." , "I found this incredible site full of Manga/Anime/Soccer pictures/whatever"
*Posts random, generic, valid anywhere responses, such as "good post", "security is important", "wash your hands", etc.
There is a new worm specifically written to attack forums such as this one: becomes member, reads all posts until it finds a word repeated often , say, "Stratocaster" and posts phrases like "if you want to see my *Stratocaster* , click: xxx.yyy.com"
Warning: some do not seem to post links in the message body itself, but on the signature.
Well, report if you see one, do not rely on "somebody else will"
Besides the virus problems caused to individual members, it would be a pity that some virus took down this great board.
___________________________________________
And here is some more info about what to do to keep yourself more secure while browsing these forums:
____________________________________________
Hi. I'll paste here a copy of what I answered on our sister Music Electronics Forums some questions about the virus attack we suffered here.
>>>>>>>>>>>>>>>>>>
For all it's worth, I still use Windows 98 (but SE, eh!), and Firefox 2 (two).
I run it in "extremely Paranoid" mode: NO Flash (Flashblock); NO javascript unless I specifically put the page in the whitelist (Controle de Scripts); AdBlockPlus, blocking even "benign adware" such as pesky Google pagead syndication, google analytics, GTalk, etc. ; no Java Console enabled; No animations or embedded music; specific extensions such as .gif or .pdf or .flv do not open into my outdated plugins but into Irfanview, Acrobat, Riva, etc.
My navigation went from slow to snappy, many pages open with blank rectangles where I click if interested, and You Tube vids download to hard disk, to be seen later at will.
I keep an IE copy to browse some sites, such as United flight information or some Microsoft bribed Government pages that do not accept otherwise or lose functionality .
Of course I do not even have Outlook installed.
Yes, some pages do not even open, just show a blank screen and claim "done".
Obviously there is not much "meat" there, only bone and grease.
Linux and Mac boxes, once inherently safe, are starting to get their fair share of malware now.
Un-safety lies in the numbers:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
That's about it.
__________________________________
Hopefully it does not happen to us over here, but I thought I ought to give everyone a heads up in case it does....
----------
------------------
The magnificent YouTube channel of the internet user known as "isaacullah"
Last Edited by on Mar 02, 2010 7:00 PM
|
jonsparrow
2474 posts
Mar 02, 2010
7:20 PM
|
ya my browser is super protected too. i dont think anything is getting through.
----------
|
Honkin On Bobo
217 posts
Mar 03, 2010
2:02 AM
|
issac,
thanks for the heads up, though i'll confess most of the tech talk is over my head, i still appreciate your heads up
Last Edited by on Mar 03, 2010 2:06 AM
|
jonsparrow
2478 posts
Mar 03, 2010
8:47 AM
|
on a side note iv been getting allot of spam in my email just in the past two days. i dont know if this is related.
----------
|
isaacullah
780 posts
Mar 03, 2010
9:54 AM
|
Jon, I'm not sure if your SPAM in your e-mail is related to the board SPAM virus. Just to be clear, the virus FIRST infects forums (like this one), becoming a forum member, and then automatically posting SPAM in random threads, but doing it "intelligently" so that it seems like a "real" post. YOUR computer only gets infected when you follow the link in the message-board SPAM. To protect yourself, only use links provided by people you know to be real people (ie. people on the board that have been around long enough for you to know by name). Running in "extreme paranoid" mode is probably an over-reaction, but I posted it just in case there are some extremely paranoid folks out there. I was able to fix my infection fairly painlessly, but other members of the ssguitar board had some more serious trouble. I am, however, fairly computer savvy, so I knew what to do. I would advise common sense and a little extra diligence for the time being. These should be all we need to keep our computers and this lovely forum running virus-free! :)
~Isaac
----------
------------------
The magnificent YouTube channel of the internet user known as "isaacullah"
|
MrVerylongusername
940 posts
Mar 03, 2010
9:59 AM
|
Good general advice Isaac, but I suspect the malware you've heard about is designed to infect one of the market leaders like vBulletin. If that's the case it's another reason to keep this quirky little forum just the way it is.
|
Honkin On Bobo
221 posts
Mar 03, 2010
10:04 AM
|
issac,
thanks for the follow-up, good practical advice for the low/medium tech guys like myself.
|
jonsparrow
2480 posts
Mar 03, 2010
10:07 AM
|
ya its weird cause i never had spam before. it normally just got filtered out.
----------
|
isaacullah
782 posts
Mar 03, 2010
10:07 AM
|
@MrVLUN: I suspect you are correct about that. the ssguitar forum uses the same forum design and back end as all the major forums do. It gives them more functionality, but also exposes them to these kinds of threats. There was apparently no real security from these kinds of infections. I think this board, being setup with an uncommon format and backend, will have a greater degree of "natural" protection, but you never know what these virus-builders have up their sleeves!
@HonkinOn: Cheers!
----------
------------------
The magnificent YouTube channel of the internet user known as "isaacullah"
|
isaacullah
783 posts
Mar 03, 2010
10:14 AM
|
Oh, I should add that there is a free anti-malware tool that worked for me to detect and clear the infaction on my computer. It is "Malewarebytes Anti-Malware Tool". There is a pay and a free edition. I used the free edition with great success. You can download it at the Malwarebytes homepage, or through CNET (www.download.com). It's one of the only tools that actually detects this virus, but you have to scan "manually" as it does not offer "always on" protection. Make sure you download the latest virus definitions via Malwarebytes "update" tool, and then run a "quick scan". My actual antvirus program (Microsoft Security Essentials) did not detect the infection at all because it is designed to slip in behind your antivirus, and actually hijack it a bit. Other ssguitar members had the same experience with AVG, MacAffe, and Norton.
----------
------------------
The magnificent YouTube channel of the internet user known as "isaacullah"
|
nacoran
1303 posts
Mar 03, 2010
11:03 AM
|
Remember also that if you put your email address anywhere online in a format that a computer can recognize there are spiders that will pick it up and there is a good chance you'll end up getting spam.
----------
Nate
Facebook
|
Diggsblues
195 posts
Mar 03, 2010
11:28 AM
|
The college I work at had its entire directory hijacked.
For awhile I was getting bounced emails from china that
they used my address for spamming.
|
rharley5652
90 posts
Mar 04, 2010
1:12 AM
|
Issac,.if you run Malwarebytes or Spybot Search and Destroy should you leave your virus protection running during they melware scan ? I'm not computer savvy !!LOLO
----------
Simply Unique Kustom Mic's By Rharley
|
isaacullah
790 posts
Mar 04, 2010
9:47 AM
|
rharley: YES! You should ALWAYS leave your antivirus running. It is protecting you from things that the anti-maleware programs don't really look for. It's a bit confusing, but real computer viruses are different from malware/spyware/adware. Viruses generally are just trying to screw your computer up, and doing so for no particular reason than just to stick it to the man, or whatever. Malware/spyware/adware are virus-like programs that are trying to get something out of you without your consent, like your personal info, your banking info, your credit card number, your shopping preferences, etc. In the process, some malware will screw up your system (just to spite you, I suppose), but many just live innocuously in the background, gathering your personal info, and sending it out over the web to persons unknown....
So, KEEP YOUR ANTIVIRUS ON, but every once and a while (once a week, once every couple of weeks), run a malware scan too.
----------
------------------
The magnificent YouTube channel of the internet user known as "isaacullah"
|
rharley5652
92 posts
Mar 05, 2010
12:15 AM
|
Thanks Isaac,..I'm runnin it as soon as I Finnish this post ,..I've been having weird thing going on lately like Server errors messages an redirecting to other pages,.. maybe this is the fix ??
----------
Simply Unique Kustom Mic's By Rharley
|
Post a Message
|
