Full Version: Messages
I am receiving mail about "cool titties...................." and so on, I have tried to open it but don’t have the right video file. But that’s not the case, isn’t it a little out of the ordinary? I don't know where to post this tread but I hope I dont affend any one Sorry.
That link was posted in another forum and I hit the report button and reported it. Admin should be removing it as soon as they can.. Those things upset me too but it's all part of millions of people on the internet and 25 percent of them are trouble. I'm sorry they got you. They probably picked on you because you're beautiful.. 
QUOTE(Nellie @ Jan 26 2007, 07:22 AM) [snapback]10463[/snapback]
I am receiving mail about "cool titties...................." and so on, I have tried to open it but don’t have the right video file. But that’s not the case, isn’t it a little out of the ordinary? I don't know where to post this tread but I hope I dont affend any one Sorry.
OK. First... Do NOT try to open it (I'm not sure why you would want to anyway). It probably contains a virus. Second... Don't click or post the link. because again it could contain a virus. Recently this site has been flooded with this crap.
The board administrators should disable the link.
Please DO NOT open any files or click on any links in the recent spam attack on this site.
It will be taken care of as soon as possible. Thanks
It will be taken care of as soon as possible. Thanks
There are evidently a couple of new Trojans that reared their ugly heads in the past week or so. As Jeanette said, DO NOT click on any links in any message unless you know that they are valid. Also, make sure your virus protection is up to date and don't open any strange emails. Here is what we received from the internet security head at the company I work for:
'Storm' Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable
The goal of the Trojan seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.
By Gregg Keizer
InformationWeek
Jan 23, 2007 03:43 PM
The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs, a security company said Tuesday.
In addition, it appears that Windows Vista, the new operating system Microsoft will launch next week, is vulnerable to the attack.
Originally dubbed the "Storm worm" because one of the subject heads used by its e-mail touted Europe's recent severe weather, the Trojan's author is now spreading it using subjects such as "Love birds" and "Touched by Love," said Finnish anti-virus vendor F-Secure. The Trojan, meanwhile, piggybacks on the spam as an executable file with names ranging from "postcard.exe" to "Flash Postcard.exe," more changes from the original wave as the attack mutates.
The first several spam blasts of the Trojan -- which was named "Peacomm" by Symantec -- came with current event subject heads, including ones claiming to include video of a Chinese missile attack or proof that Saddam Hussein lives, and bore attached files such as "video.exe."
"Peacomm has, not surprisingly, evolved. The attachments have new filenames, some files [dropped onto the PC] have changed, and the subject lines of the spam are also changing," noted Amado Hidalgo, a researcher with Symantec's security response group, in an entry on the team's blog.
By Symantec's reckoning, Peacomm is the most serious Internet threat in 20 months. Monday, it raised the alert level to "3" in its 1 through 5 scale; the last time the Cupertino, Calif., security software developer tagged a threat as "3" was for Sober.o in May 2005.
So far, Symantec has received 1.6 million detection reports from its sensor system. "This means Peacomm has hit 1.6 million systems in the past seven days," a company spokesman said in an e-mail. An accurate number of infected machines is not yet known.
The most recent variants of the Trojan include rootkit cloaking technologies to hide it from security software, said both F-Secure and Symantec. The latter, however, pointed out that flawed rootkit code voids some of the Trojan maker's plans. "The rootkit service can be stopped by running a simple command: net stop wincom32. All files, registry keys, and ports will appear again," said Hidalgo. A personal firewall also offers some protection from the rootkit, as it will warn you that the Windows process "services.exe" is trying to access the Internet using ports 4000 or 7871.
Peacomm's turn to rootkits brought out comparisons to Rustock, a year-old family of Trojan horses that has become a model of sorts for hackers. Rustock, as Symantec warned in December 2006, relies on rootkit technology, but adds an ability to quickly change form as another evasion tactic.
"It's similar to Rustock," acknowledges Dave Cole, director of Symantec's security response team, "but [Peacomm is] not nearly as technically sophisticated."
As with most large-scale Trojan attacks, the goal seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.
Symantec's researchers said that PCs hijacked by Peacomm send "tons and tons of penny stock spam" in a typical pump 'n' dump scheme. "During our tests we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped," said Hidalgo. "We are speculating that the task of sending the junk e-mail is then passed on to another member of the botnet."
Windows 2000 and Windows XP are vulnerable to all the Peacomm variations, but Windows Server 2003 is not; the Trojan's creator specifically excluded that edition of Windows from the code. Symantec's Hidalgo took a guess why. "We presume the malware writers didn't have time to test it on this operating system."
Microsoft's soon-to-release-to-consumers Vista, however, does appear at risk, added Symantec Tuesday. "It appears most if not all variants could execute on Vista," the spokesman said. "The only way the Trojan would be unsuccessful is if somehow Vista is able to detect/prohibit the e-mail. This seems unlikely."
Anti-virus companies have updated their signature databases with fingerprints that identify and then delete (or quarantine) the Trojan as it arrives. Other defensive advice includes filtering traffic on UDP ports 4000 and 7871, update anti-spam products, and configure mail gateways to strip out all executable attachments.
(We were encouraged to forward this to everybody we know so as to help prevent the virus from spreading.)
'Storm' Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable
The goal of the Trojan seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.
By Gregg Keizer
InformationWeek
Jan 23, 2007 03:43 PM
The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs, a security company said Tuesday.
In addition, it appears that Windows Vista, the new operating system Microsoft will launch next week, is vulnerable to the attack.
Originally dubbed the "Storm worm" because one of the subject heads used by its e-mail touted Europe's recent severe weather, the Trojan's author is now spreading it using subjects such as "Love birds" and "Touched by Love," said Finnish anti-virus vendor F-Secure. The Trojan, meanwhile, piggybacks on the spam as an executable file with names ranging from "postcard.exe" to "Flash Postcard.exe," more changes from the original wave as the attack mutates.
The first several spam blasts of the Trojan -- which was named "Peacomm" by Symantec -- came with current event subject heads, including ones claiming to include video of a Chinese missile attack or proof that Saddam Hussein lives, and bore attached files such as "video.exe."
"Peacomm has, not surprisingly, evolved. The attachments have new filenames, some files [dropped onto the PC] have changed, and the subject lines of the spam are also changing," noted Amado Hidalgo, a researcher with Symantec's security response group, in an entry on the team's blog.
By Symantec's reckoning, Peacomm is the most serious Internet threat in 20 months. Monday, it raised the alert level to "3" in its 1 through 5 scale; the last time the Cupertino, Calif., security software developer tagged a threat as "3" was for Sober.o in May 2005.
So far, Symantec has received 1.6 million detection reports from its sensor system. "This means Peacomm has hit 1.6 million systems in the past seven days," a company spokesman said in an e-mail. An accurate number of infected machines is not yet known.
The most recent variants of the Trojan include rootkit cloaking technologies to hide it from security software, said both F-Secure and Symantec. The latter, however, pointed out that flawed rootkit code voids some of the Trojan maker's plans. "The rootkit service can be stopped by running a simple command: net stop wincom32. All files, registry keys, and ports will appear again," said Hidalgo. A personal firewall also offers some protection from the rootkit, as it will warn you that the Windows process "services.exe" is trying to access the Internet using ports 4000 or 7871.
Peacomm's turn to rootkits brought out comparisons to Rustock, a year-old family of Trojan horses that has become a model of sorts for hackers. Rustock, as Symantec warned in December 2006, relies on rootkit technology, but adds an ability to quickly change form as another evasion tactic.
"It's similar to Rustock," acknowledges Dave Cole, director of Symantec's security response team, "but [Peacomm is] not nearly as technically sophisticated."
As with most large-scale Trojan attacks, the goal seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.
Symantec's researchers said that PCs hijacked by Peacomm send "tons and tons of penny stock spam" in a typical pump 'n' dump scheme. "During our tests we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped," said Hidalgo. "We are speculating that the task of sending the junk e-mail is then passed on to another member of the botnet."
Windows 2000 and Windows XP are vulnerable to all the Peacomm variations, but Windows Server 2003 is not; the Trojan's creator specifically excluded that edition of Windows from the code. Symantec's Hidalgo took a guess why. "We presume the malware writers didn't have time to test it on this operating system."
Microsoft's soon-to-release-to-consumers Vista, however, does appear at risk, added Symantec Tuesday. "It appears most if not all variants could execute on Vista," the spokesman said. "The only way the Trojan would be unsuccessful is if somehow Vista is able to detect/prohibit the e-mail. This seems unlikely."
Anti-virus companies have updated their signature databases with fingerprints that identify and then delete (or quarantine) the Trojan as it arrives. Other defensive advice includes filtering traffic on UDP ports 4000 and 7871, update anti-spam products, and configure mail gateways to strip out all executable attachments.
(We were encouraged to forward this to everybody we know so as to help prevent the virus from spreading.)
A great big hug to everyone who has been helping get rid of these spammers by hitting the report button.
A bigger hug to Laura and Jeanette who usually get to the spam and have it already deleted before I get a notification!
Another big hug to the wonderful individuals who take time from their busy lives to make us aware of the potential dangers of clicking on an unknown link.
You all rock!
PLEASE DO NOT CLICK ON ANY LINK WITHIN THIS FORUM OR ANY OTHER FORUM - UNLESS YOU KNOW THE PERSON WHO HAS POSTED IT!
In the meantime, we will continue to win this battle. The site is being revamped and new security measures will be in place at that time!
Brenda
A bigger hug to Laura and Jeanette who usually get to the spam and have it already deleted before I get a notification!
Another big hug to the wonderful individuals who take time from their busy lives to make us aware of the potential dangers of clicking on an unknown link.
You all rock!
PLEASE DO NOT CLICK ON ANY LINK WITHIN THIS FORUM OR ANY OTHER FORUM - UNLESS YOU KNOW THE PERSON WHO HAS POSTED IT!
In the meantime, we will continue to win this battle. The site is being revamped and new security measures will be in place at that time!
Brenda
"'Storm' Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable "
Please don't click on those links, but the best advice I can give you is:
GET A MAC :-)
Please don't click on those links, but the best advice I can give you is:
GET A MAC :-)
Thank you to everyone for reporting inappropriate posts...it has made it much easier to find and delete them...I have also been passing their information on to admin.
Laura
Laura
Thanks Laura - it was really getting to the point of ridiculous with the obscenities (I'm not a prude but I get enough of this stuff on my regular email account) At one point today I pulled up "View New Posts" and there were 3 new posts.....all of which were obscene!
I know it's hard to prevent it but I do believe that someone should watch some of the new account names that are coming into the site and if they are legitimate or not. There is one that I see on a regular basis named "horsed**k" that I find particularly offensive. Its probably some teenager getting a good laugh but I don't think its very funny and I'm sure there are other's who don't either.
Again, thanks for cleaning this up. It really is appreciated very much.
I know it's hard to prevent it but I do believe that someone should watch some of the new account names that are coming into the site and if they are legitimate or not. There is one that I see on a regular basis named "horsed**k" that I find particularly offensive. Its probably some teenager getting a good laugh but I don't think its very funny and I'm sure there are other's who don't either.
Again, thanks for cleaning this up. It really is appreciated very much.
Joanie...SHHHHH...don't say that to loud they might hear you!!!!
I'm hoping that admin will find a way to ban by IP number...names change but IP stays the same.
Laura
I'm hoping that admin will find a way to ban by IP number...names change but IP stays the same.
Laura
LOL - I edited my post and took out that last line. OOPS Thanks Laura
QUOTE(Laura01 @ Jan 27 2007, 07:23 PM) [snapback]10667[/snapback]
Joanie...SHHHHH...don't say that to loud they might hear you!!!!
I'm hoping that admin will find a way to ban by IP number...names change but IP stays the same.
Laura
Unfortunately, the IP doesn't necessarily stay the same. Someone using dialup will have a different IP every time they connect. Even with broadband IP addresses are subject to change.
Thank you everyone!
Thanks to the help of you wonderful members who have been highly efficient in reporting posts, we are (at least until the next influx) under control. Thank you also to the wonderful moderators who were lightening fast at deleting the horrid posts and topics. Also, kudos to the web administrators, who have been behind the scenes banning their memberships and their IP addresses.
Even with this proactive approach, more will come. We are now a very large and well known site and hence, a prime target for these types of individuals.
Therefore, please continue keeping an eye out for this stuff and reporting the posts and topics, so we can keep the site clean.
Brenda
Thanks to the help of you wonderful members who have been highly efficient in reporting posts, we are (at least until the next influx) under control. Thank you also to the wonderful moderators who were lightening fast at deleting the horrid posts and topics. Also, kudos to the web administrators, who have been behind the scenes banning their memberships and their IP addresses.
Even with this proactive approach, more will come. We are now a very large and well known site and hence, a prime target for these types of individuals.
Therefore, please continue keeping an eye out for this stuff and reporting the posts and topics, so we can keep the site clean.
Brenda
Good job Brenda, Jeanette, Laura and administrators.
Paulette
Paulette
I have been on the internet since before the internet was made public, ( I worked for the Federal Government), and I think this site is exemplary in it's handling of the spam. You are all doing better than any site I have been to. Good job and many thanks for all of your hard work, time and willingness to wear yourselves out.. 
QUOTE(darus67 @ Jan 29 2007, 12:17 PM) [snapback]10859[/snapback]
Unfortunately, the IP doesn't necessarily stay the same. Someone using dialup will have a different IP every time they connect. Even with broadband IP addresses are subject to change.
Darus,
I'm not a techno junkie by a long shot so thanks for the info. Different names and same ip was something I was seeing all the time so I came to that conclusion. A common denominator so to speak.
this is all to much for my poor spam addled brain...heheheheheLaura
I have a friend who might have some advice on how to deal with this. She's very knowledgable (spelling?) when it comes to this. I can email her.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.