Notices
Results 1 to 14 of 14

Thread: Virus infection from this site.

  1. #1 Virus infection from this site. 
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    I am getting emails from admin of this site reportonmg a virus on my computer.
    This redirects me to a site which my anti-virus reports as infected!!
    Whats going on?

    It redirects me to
    http://antispywarenews.com/index.php?affid=16200

    And AVG reports:

    Exploit rouge scanner (type 1006)

    On the site *you* redirect me to!!!!!

    So basically I am curious as to why you repost my computer as having a virus
    whereas the numerous other sites I visit do not...........


    Reply With Quote  
     

  2.  
     

  3. #2  
    Forum Cosmic Wizard SkinWalker's Avatar
    Join Date
    Apr 2005
    Location
    Grand Prairie, TX
    Posts
    2,377
    This was due to a person who joined and sent PMs to several people, myself included, but never submitted any posts.

    Such Private Messages are nearly impossible to prevent on any internet forum and the only way we caught it was that the spammer/criminal who sent it also sent it to an administrator.

    I acted as swiftly as I could and deleted both of the usernames I discovered, which has the effect of removing any unopened and opened PMs from mailboxes that received them. The attacker's email address was then banned as well as the IP address that it originated from.

    I can only assume that the attacker(s) found alternate methods to get around this.

    I offer my deepest apology but remind you that there is no substitute for exercising caution and not clicking links from persons unknown to you. The staff at The Science Forum have no way to prevent this sort of attack short of turning off the PM function.

    Please send me any information you can, especially a quote of the post along with the username, so that I can take action.


    Reply With Quote  
     

  4. #3  
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    How did they get my email address?
    Reply With Quote  
     

  5. #4  
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    OK I figure sending a PM generates an admin email.
    Reply With Quote  
     

  6. #5  
    Veracity Vigilante inow's Avatar
    Join Date
    Oct 2009
    Location
    Austin, TX
    Posts
    3,500
    Quote Originally Posted by SkinWalker
    This was due to a person who joined and sent PMs to several people, myself included, but never submitted any posts.

    Such Private Messages are nearly impossible to prevent on any internet forum and the only way we caught it was that the spammer/criminal who sent it also sent it to an administrator.
    You could adjust the privileges such that users have to submit at least 2 (or even 5, or more) posts within the larger forum prior to be allowed to PM. It wouldn't stop all, but would mitigate most.





    Quote Originally Posted by smokey
    OK I figure sending a PM generates an admin email.
    Correct. You have an email associated with your user account, and you also have your preferences setup to email you when you receive a new PM. All that happened was the spammer sent you a bunch of PMs, and the system notified you based on your settings in preferences.
    Reply With Quote  
     

  7. #6  
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    Quote Originally Posted by inow
    Quote Originally Posted by SkinWalker
    This was due to a person who joined and sent PMs to several people, myself included, but never submitted any posts.

    Such Private Messages are nearly impossible to prevent on any internet forum and the only way we caught it was that the spammer/criminal who sent it also sent it to an administrator.
    You could adjust the privileges such that users have to submit at least 2 (or even 5, or more) posts within the larger forum prior to be allowed to PM. It wouldn't stop all, but would mitigate most.





    Quote Originally Posted by smokey
    OK I figure sending a PM generates an admin email.
    Correct. You have an email associated with your user account, and you also have your preferences setup to email you when you receive a new PM. All that happened was the spammer sent you a bunch of PMs, and the system notified you based on your settings in preferences.
    Yes is the email had came direct from the user I would have been more wary of
    clicking the link.

    I can't find anything on my computer and I have scanned all the likely places.
    My AV says my browser is infected but I have scanned the browser executable and associated files and data and it comes up clean.


    AVG seems to be good at blocking viruses
    Reply With Quote  
     

  8. #7  
    WYSIWYG Moderator marnixR's Avatar
    Join Date
    Apr 2007
    Location
    Cardiff, Wales
    Posts
    5,760
    have you cleared out the temp files ?
    "Reality is that which, when you stop believing in it, doesn't go away." (Philip K. Dick)
    Reply With Quote  
     

  9. #8  
    Forum Cosmic Wizard SkinWalker's Avatar
    Join Date
    Apr 2005
    Location
    Grand Prairie, TX
    Posts
    2,377
    Quote Originally Posted by smokey
    How did they get my email address?
    You have an "EMAIL" button at the bottom of your profile and that's how they sent it to you.

    I've currently banned the user and will probably delete him/her from our database in order to remove PMs from boxes, but I want to capture as many screenshots as I can first and put an IP ban/mailbox ban on them.
    Reply With Quote  
     

  10. #9  
    Veracity Vigilante inow's Avatar
    Join Date
    Oct 2009
    Location
    Austin, TX
    Posts
    3,500
    Quote Originally Posted by SkinWalker
    Quote Originally Posted by smokey
    How did they get my email address?
    You have an "EMAIL" button at the bottom of your profile and that's how they sent it to you.
    Ah... I suppose that renders my suggestion above moot (unless a similar privilege restriction can be placed on use of the EMAIL button).
    Reply With Quote  
     

  11. #10  
    Forum Isotope (In)Sanity's Avatar
    Join Date
    Oct 2004
    Location
    Mesa AZ
    Posts
    2,697
    I may have to disable PM's for a while until this problem can be handled in other ways.
    Pleased to meet you. Hope you guess my name
    Reply With Quote  
     

  12. #11  
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    I can't seem to read PM's sent to me now, other than the one I sent myself
    Reply With Quote  
     

  13. #12  
    Suspended
    Join Date
    Oct 2009
    Posts
    92
    Quote Originally Posted by marnixR
    have you cleared out the temp files ?
    No but I scanned them.

    Thing is I would know if I had a virus as my AV resident shield would pick it up.
    I mean it picked up the infected site the redirected me too.

    Also I had not visited her for a while when I got the email so that's odd.
    Reply With Quote  
     

  14. #13  
    Moderator Moderator TheBiologista's Avatar
    Join Date
    Aug 2008
    Posts
    2,569
    Quote Originally Posted by smokey
    I can't seem to read PM's sent to me now, other than the one I sent myself
    Post right before yours might explain that?
    Reply With Quote  
     

  15. #14  
    Forum Isotope (In)Sanity's Avatar
    Join Date
    Oct 2004
    Location
    Mesa AZ
    Posts
    2,697
    Some PM's were deleted in an attempt to minimize this problem. You also are now very restricted on the number of messages in your outbox.
    Pleased to meet you. Hope you guess my name
    Reply With Quote  
     

Bookmarks
Bookmarks
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •